04-18-2011 11:48 AM - edited 03-11-2019 01:22 PM
Hi Folks
I have two ACS in my network,
192.168.100.1 and 192.168.100.2, and both are configured as an aaa-server group. Now I want to test the VPN connection with the 2nd ACS server to see if it's working fine, so my question is how to direct my VPN users to the 2nd ACS for authentication.
Thanks
04-19-2011 12:26 AM
Hi,
In the configuration do the following:
tunnel-group
authentication-server-group
Try the connection and check if it is successful or not.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered, if you feel your query is resolved. Do rate helpful posts.
04-19-2011 01:01 AM
Hi Anisha
tunnel-group
authentication-server-group MYACS
In the group MYACS
I have 2 defined servers as well as the 3rd one that I need to verify if it authenticates the VPN users.
04-20-2011 06:36 AM
Hi,
It will check the AAA servers defined in your authentication-server-group MYACS in a sequential manner.
The request will be forwarded to the secondary AAA server only if the primary AAA server is not reachable.
For testing purposes you can do these things:
1. Create another aaa-server ACS2. Replace the MYACS with the ACS2 and test. This will cause an outage as the new requests will try to get authenticated to ACS2. If the authentication is not successful, then a business loss can happen.
2. Do a test aaa-server authentication MYACS host <ip address of ACS2>
This will check if the authentication is successful via the ASA or not. If yes, then you can be assured that the authentication will work fine if the primary AAA server is unreachable.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
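The setup discussed in this thread, written out as an added example that is not part of the original posts: one server group with both ACS hosts, the tunnel-group bound to it, and a test aimed at the second host only. The RADIUS protocol, the `inside` interface, the tunnel-group name EXAMPLE-VPN, the timer values and the key and username placeholders are assumptions.

```cisco
! Added example (constructed), ASA CLI. Assumed: RADIUS, interface "inside",
! tunnel-group EXAMPLE-VPN, timer values, <shared-secret>, <test-user>.

! --- configuration mode ---
! One server group. Hosts are tried in the order they are configured,
! so 192.168.100.2 is used only when 192.168.100.1 does not answer.
aaa-server MYACS protocol radius
 max-failed-attempts 3
 reactivation-mode depletion deadtime 10
aaa-server MYACS (inside) host 192.168.100.1
 key <shared-secret>
 timeout 10
aaa-server MYACS (inside) host 192.168.100.2
 key <shared-secret>
 timeout 10

! VPN users landing on this tunnel-group authenticate against the group.
tunnel-group EXAMPLE-VPN general-attributes
 authentication-server-group MYACS

! --- privileged EXEC mode ---
! Send a single test authentication to the second server only.
! Production VPN logins are not affected; the ASA prompts for the
! password because it is omitted here.
test aaa-server authentication MYACS host 192.168.100.2 username <test-user>

! Review per-server status and request/accept/reject/timeout counters
! to confirm the test reached 192.168.100.2 and how it was answered.
show aaa-server MYACS
```

Use a dedicated test account on the ACS for this check, and confirm on the ACS side that the request arrived from the ASA's address, since a reject caused by a mismatched shared secret and a reject caused by bad credentials need different fixes.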
04-20-2011 11:32 AM
Thanks Anisha, I really appreciate your help