
VPN users authenticate with remote PSN

ironman28
Level 1

When users VPN to the HQ with AnyConnect, they are authenticated to the remote office PSN.

I checked the external RADIUS sequence, and the order looks correct: it checks HQ first, then the branch office. But it went directly to the branch office when users VPN in. An office PC is able to log in to the network with the HQ PSN.

1 Reply

paul
Level 10

When you say external RADIUS sequence, what are you referring to? The VPN device should point to ISE as RADIUS servers and you should have multiple RADIUS definitions for redundancy. Do you have the HQ and remote PSN listed in the RADIUS group on the VPN device?

 

If you have both defined in the RADIUS group and the HQ device failed at some point, the VPN device might have failed over to the remote PSN. Some network devices don't fail back to the first RADIUS server in their list. They will keep using the same RADIUS server as long as it is working. Cisco WLCs by default don't fail back to the primary server in their list.
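
Added example, not part of the thread and not Cisco code: one way to confirm the "failed over and never failed back" condition from authentication records is to flag any network device still using a non-primary PSN even though the primary has answered another device since that failover. The device names, PSN names and the `timestamp,device,psn` record format are constructed for illustration.

```python
from datetime import datetime

# Constructed sample: timestamp, network device, PSN that answered.
# Device and PSN names are hypothetical; this is not an ISE export format.
SAMPLE = """\
2024-05-01T08:00:00,vpn-gw,psn-hq
2024-05-01T08:05:00,office-sw,psn-hq
2024-05-01T09:00:00,vpn-gw,psn-branch
2024-05-01T09:30:00,office-sw,psn-hq
2024-05-01T10:00:00,vpn-gw,psn-branch
2024-05-01T10:10:00,office-sw,psn-hq
"""

def parse(text):
    """Turn 'timestamp,device,psn' lines into time-ordered tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, nas, psn = (f.strip() for f in line.split(","))
        rows.append((datetime.fromisoformat(ts), nas, psn))
    return sorted(rows)

def stuck_on_secondary(rows, primary):
    """Devices still using a non-primary PSN although the primary has
    answered some other device since they failed over."""
    away_since = {}       # device -> when it first left the primary
    current = {}          # device -> PSN that served its latest request
    primary_last_ok = None
    for ts, nas, psn in rows:
        current[nas] = psn
        if psn == primary:
            primary_last_ok = ts
            away_since.pop(nas, None)      # device is back on the primary
        else:
            away_since.setdefault(nas, ts)
    return {
        nas: {"psn": current[nas], "since": since,
              "primary_last_ok": primary_last_ok}
        for nas, since in away_since.items()
        if primary_last_ok is not None and primary_last_ok > since
    }

if __name__ == "__main__":
    for nas, info in stuck_on_secondary(parse(SAMPLE), "psn-hq").items():
        print(f"{nas}: on {info['psn']} since {info['since']}, "
              f"primary last answered at {info['primary_last_ok']}")
```

A device that left the primary is not flagged when nothing has reached the primary since, because in that case the primary may still be down.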