authentication

Ibrahim Jamil · ‎04-18-2011

Hi Foks

i have two ACS in my network

192.168.100.1 and 192.168.100.2,and both are configured as aaa-server group, now i want to test the vpn connection with the 2nd ACS server if its working fine,so my question is how to direct my vpn users to 2nd acs for authentication

thanks

andamani · ‎04-19-2011

Hi,

In the configuration do the following:

tunnel-group  general-attributes     
     authentication-server-group 

Try the connection and check if it is successful or not.

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered, if you feel your query is resolved. Do rate helpful posts.

Ibrahim Jamil · ‎04-19-2011

Hi Anisha

tunnel-group general-attributes
authentication-server-group MYACS

in the Group MYACS

I have 2 defined servers as well as the the 3rd one that i need to verify if its authenticate the vpn users,

andamani · ‎04-20-2011

Hi,

It will check the AAA servers defined in you authentication-server-group MYACS in a sequential manner.

the request will be forwarded to secondary AAA server only if the primary AAA server is not reachable.

for testing purpose you can do things.

1. create another aaa-server ACS2. replace the MYACS with the ACS2 and test. This will cause an outage as the new requests will try to get authenticated to ACS2. If the authentication is not successful, then a business loss can happen.

2. do a test aaa authentication MYACS host < ip address of ACS2>

this will check if the authentication is successful via the ASA or not. if yes, then you can be ensured that the authentication will work fine if the primary AAA server is unreachable.

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Ibrahim Jamil · ‎04-20-2011

thanks Anisha,I Realy Appreciate ur help