Solved: RADIUS based AAA for remote access tunnel groups (remote access VPN users)

aimarchitect · ‎11-23-2011

Hi,

How would I go about configuring RADIUS based AAA for remote access VPN users? I have an OSX RADIUS server and an ASA 5510

I think I need to configure something like:

aaa-server RADIUS-GROUP protocol radius

aaa-server RADIUS-GROUP (inside) A.B.C.D

key KEYNAME

(I want to keep console and SSH using LOCAL, so I keep this: "aaa authentication ssh console LOCAL", right?)

What does the rest of the config look like to get RADIUS based AAA for remote access VPN users?

Thanks

mvsheik123 · ‎11-28-2011

Hi Greg,

Along with the above commands, you need to configure server-group in the 'tunnel-group type general-attributes.

!

'tunnel-group type general-attributes

authentication-server-group RADIUS-SERVER

!

hth

MS

View solution in original post

Julio Carvajal · ‎11-23-2011

Hello Greg,

Ssh question? Yes, with the LOCAL you are going to keep it with the database.

Remote access VPN Users ( Web clients) question?

aaa authentication secure-http-client
aaa authentication include https outside 60.60.60.60 255.255.255.255 Radius_server


Please rate helpful posts,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

aimarchitect · ‎11-28-2011

Actually, I was looking for the configuration for standalone VPN client remote access users, not web client users. Thanks.

mvsheik123 · ‎11-28-2011

Hi Greg,

Along with the above commands, you need to configure server-group in the 'tunnel-group type general-attributes.

!

'tunnel-group type general-attributes

authentication-server-group RADIUS-SERVER

!

hth

MS

aimarchitect · ‎11-28-2011

Thanks MS! is there a way to configure back-up AAA using the locally configured info if the RADIUS server goes off line?

Would it look something like?

!

'tunnel-group type general-attributes

authentication-server-group RADIUS-SERVER LOCAL

!