Solved: Re: Backup RADIUS server

davidstevenscisco · ‎03-27-2003

Hello,

Does anyone know whether you can configure a PIX to use an alternate RADIUS server if the primary one is not responding? For example, one of our customers authenticates their VPN clients using a RADIUS server with the PIX command:

aaa-server ISA-SERVER (inside) host 10.222.180.10 b1bbyrad1u5 timeout 10

If this RADIUS server fails (as it did recently) can the PIX use another backup radius server?

r.vanwolferen · ‎03-27-2003

Hai David,

The first server in the config wil be attempt to reach. If this one is not reacting (no connection can be made) than after the timeout the second server will be connected.

Greetings,

Rene

View solution in original post

r.vanwolferen · ‎03-27-2003

Yes you can,

You can always configure more than one radius server. So use the same command but with an other ip address.

If the primary fails (no connection could be made) the pix will send the aurthentication to the next server in the configuration.

davidstevenscisco · ‎03-27-2003

Thanks very much for that. Can you clarify this though: Which server will the PIX try first? Will it be the first server in the config?

Thanks

David

r.vanwolferen · ‎03-27-2003

Hai David,

The first server in the config wil be attempt to reach. If this one is not reacting (no connection can be made) than after the timeout the second server will be connected.

Greetings,

Rene

tholmes · ‎04-02-2004

Hi, apologies for hijacking this thread but can CPVN clients access different Radius servers, the line

crypto map newmap client authentication (server tag)

can only point to one server and cna not be changed

Any help appreciated

Regards Tony