SSLVPN authentication via another RSA server not working

A customer of ours configured an additional RSA-Server in "Remote Access VPN" -> "AAA/Local Users" -> "AAA Server Groups".

He then configured "Accounting Mode" -> "Simultaneous", but this is not working.

Only the first server will be asked in this group and not both of them. When changing the order of the two servers, the first one will always be chosen.

How can I fix this?

ASA5515

ASA Version 9.4.(1), ASDM 7.4.(3)

Thanks in advance.

3 Replies

jan.nielsen
Level 7

I believe the ASA only uses AAA group for redundancy, not load-balancing.

I just found this:

Generally in failover scenarios we create AAA server group on ASA. The security appliance contacts the first server in the group. If that server is unavailable, the security appliance contacts the next server in the group, if configured. If all servers in the group are unavailable, the security appliance tries the local database if you configured it as a fallback method (management authentication and authorization only). If you do not have a fallback method, the security appliance continues to try the AAA Servers

Yes, like I said, ASA uses the AAA group for redundancy, and does not load-balance the requests between multiple servers in an AAA group. If you need this, I would suggest using a load balancer.