
authentication

Ibrahim Jamil
Level 6

Hi Folks,

I have two ACS servers in my network, 192.168.100.1 and 192.168.100.2, and both are configured in an aaa-server group. Now I want to test whether the VPN connection works fine with the 2nd ACS server, so my question is: how do I direct my VPN users to the 2nd ACS for authentication?

Thanks


andamani
Cisco Employee

Hi,

In the configuration do the following:


tunnel-group  general-attributes     
     authentication-server-group


Try the connection and check if it is successful or not.

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered, if you feel your query is resolved. Do rate helpful posts.

Hi Anisha

tunnel-group general-attributes
     authentication-server-group MYACS

In the group MYACS, I have 2 defined servers, as well as the 3rd one that I need to verify authenticates the VPN users.

Hi,

It will check the AAA servers defined in your authentication-server-group MYACS in a sequential manner.

The request will be forwarded to the secondary AAA server only if the primary AAA server is not reachable.

For testing purposes, you can do these things:

1. Create another aaa-server ACS2. Replace the MYACS with the ACS2 and test. This will cause an outage as the new requests will try to get authenticated to ACS2. If the authentication is not successful, then a business loss can happen.

2. Do a test aaa-server authentication MYACS host <IP address of ACS2>

This will check whether the authentication is successful via the ASA or not. If yes, then you can be assured that the authentication will work fine if the primary AAA server is unreachable.

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
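
The two test options from the reply above, written out as ASA configuration. This is an added example, not part of the original posts; the RADIUS protocol, the `inside` interface name, and every `<placeholder>` (shared secret, tunnel-group name, test account) are assumptions.

```cisco
! Added example (not from the thread). Assumed: RADIUS, interface "inside",
! and every <placeholder>. Server IPs and group names are from the posts.

! Existing group: servers are tried in the order they are listed.
aaa-server MYACS protocol radius
aaa-server MYACS (inside) host 192.168.100.1
 key <shared-secret>
aaa-server MYACS (inside) host 192.168.100.2
 key <shared-secret>

! Option 2 (no impact on live users): from privileged EXEC, send one test
! authentication to the second server only.
test aaa-server authentication MYACS host 192.168.100.2 username <test-user> password <test-password>

! Per-server request, accept, reject and timeout counters.
show aaa-server MYACS host 192.168.100.2

! Option 1 (affects new VPN logins): a group holding only the second server,
! bound to the tunnel group for the duration of the test.
aaa-server ACS2 protocol radius
aaa-server ACS2 (inside) host 192.168.100.2
 key <shared-secret>
tunnel-group <tunnel-group-name> general-attributes
 authentication-server-group ACS2

! Roll back after the test.
tunnel-group <tunnel-group-name> general-attributes
 authentication-server-group MYACS
```

Use a dedicated test account for the `test aaa-server` check rather than a real user's credentials.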

Thanks Anisha, I really appreciate your help.
