
Configuring authentication with two different (non-redundant) authentication servers

laplace12
Level 1

What I am trying to do is test a new authentication server while not disrupting the service for the current server already in place.

I would like to test remote access to the network.

Currently, I am using an ASA 5510 which is configured to use an RSA server for authentication.

I want to configure the ASA to also use a RADIUS server, for a different form of authentication, without impacting the current RSA authentication.

I found this topic which discusses something similar:

https://supportforums.cisco.com/discussion/10849371/two-radius-server-1-...

but it seems to imply you can only configure two servers if they are using two different protocols so I think it would not work in my case?

Could someone clarify if what I would like to do is possible?

Accepted Solutions

Kanwaljeet Singh
Cisco Employee

Hi,

You will have to tweak the configuration for remote users.

You can create another tunnel-group as well as a group policy, and for this tunnel-group you can use the newly created RADIUS server group.

tunnel-group Test-new type remote-access
tunnel-group Test-new general-attributes
 address-pool vpn
 authentication-server-group Radius-new-group
 authorization-server-group Radius-new-group
 accounting-server-group Radius-new-group
 default-group-policy new-policy-created

When users connect to this tunnel-group, they will be authenticated/authorized against "Radius-new-group".

Hope this helps!

Regards,

Kanwal

Please mark answers if they are helpful.
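
A fuller version of the configuration in the accepted answer, as an added example that is not part of the original post: it also defines the RADIUS server group and the group policy that the tunnel-group refers to, and checks the server before test users connect. The server address 192.0.2.20, the interface name `inside`, the user `testuser` and the `<shared-secret>` and `<password>` placeholders are assumptions.

```cisco
! Constructed example. 192.0.2.20, "inside", testuser and the <...>
! placeholders are assumptions, not values from the thread.
! The existing RSA-backed tunnel-group and its server group are not modified.

! 1. Define the new RADIUS server group and the server in it.
!    The ASA defaults to ports 1645/1646, so set 1812/1813 explicitly
!    if the new RADIUS server listens there.
aaa-server Radius-new-group protocol radius
aaa-server Radius-new-group (inside) host 192.0.2.20
 key <shared-secret>
 authentication-port 1812
 accounting-port 1813

! 2. Create the group policy the test tunnel-group points at.
!    Attributes not set here are inherited from DfltGrpPolicy.
group-policy new-policy-created internal

! 3. Test tunnel-group from the answer, bound only to the new server group.
tunnel-group Test-new type remote-access
tunnel-group Test-new general-attributes
 address-pool vpn
 authentication-server-group Radius-new-group
 authorization-server-group Radius-new-group
 accounting-server-group Radius-new-group
 default-group-policy new-policy-created

! 4. From privileged EXEC mode, confirm the RADIUS server answers
!    before pointing test users at Test-new.
test aaa-server authentication Radius-new-group host 192.0.2.20 username testuser password <password>
show aaa-server Radius-new-group
```

Because each tunnel-group names its own authentication-server-group, users who keep connecting to the existing tunnel-group continue to authenticate against the RSA server.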
