Re: How does one setup authentication server failover on a 3015

dsiwa · ‎01-16-2003

We're running version 3.6.3 on our concentrator and client. We've got a group defined 2 authentication servers defined a) radius b) NT domain. What we'd like to happen is, if 'A' is down, authentication against 'B'. Is that even possible?

jfrahim · ‎01-16-2003

If you are creating client IPSec tunnels to the concentrator, then you have to select that authentication protocol you want to use ( radius, NT, SDI, local or none). Based on that, you can specify the Authentication server. So if you selected radius for authenticaion, then the request would only go to the Radius server

Hope that makes sense

Jazib

dsiwa · ‎01-16-2003

Are you saying to create multiple VPN dialer connections (ie. one config authenticating against Radius, another one authenticating against NT) so that, if the Radius fails to authenticate, have them try the NT dialer connection?

We'd like to ensure high availability... preferably we'd like our Radius server(s) to authenticate vpn session. If that Radius server(s) happens to be down, authenticate the session against our NT server(s) automatically.

gfullage · ‎01-16-2003

What Jazib is saying is that this isn't possible. Within the group that the user is configured to connect to, you can only specify one authentication type.

You can have a backup of that same authentication type. For example, if you specified Radius as the authentication type for this group, and you had two Radius servers, then the second would be a backup to the first.

If you have different authentication types however, such as in your case, then they can't be a backup for each other.

dsiwa · ‎01-17-2003

Thanks for the clarification.

How does one setup authentication server failover on a 3015 concentrator?