01-16-2003 11:26 AM - edited 02-21-2020 10:05 AM
We're running version 3.6.3 on our concentrator and client. We've got a group defined 2 authentication servers defined a) radius b) NT domain. What we'd like to happen is, if 'A' is down, authentication against 'B'. Is that even possible?
01-16-2003 11:40 AM
If you are creating client IPSec tunnels to the concentrator, then you have to select that authentication protocol you want to use ( radius, NT, SDI, local or none). Based on that, you can specify the Authentication server. So if you selected radius for authenticaion, then the request would only go to the Radius server
Hope that makes sense
Jazib
01-16-2003 11:55 AM
Are you saying to create multiple VPN dialer connections (ie. one config authenticating against Radius, another one authenticating against NT) so that, if the Radius fails to authenticate, have them try the NT dialer connection?
We'd like to ensure high availability... preferably we'd like our Radius server(s) to authenticate vpn session. If that Radius server(s) happens to be down, authenticate the session against our NT server(s) automatically.
01-16-2003 07:46 PM
What Jazib is saying is that this isn't possible. Within the group that the user is configured to connect to, you can only specify one authentication type.
You can have a backup of that same authentication type. For example, if you specified Radius as the authentication type for this group, and you had two Radius servers, then the second would be a backup to the first.
If you have different authentication types however, such as in your case, then they can't be a backup for each other.
01-17-2003 04:32 AM
Thanks for the clarification.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide