- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2011 02:39 PM - edited 03-11-2019 02:54 PM
Hi,
How would I go about configuring RADIUS based AAA for remote access VPN users? I have an OSX RADIUS server and an ASA 5510
I think I need to configure something like:
aaa-server RADIUS-GROUP protocol radius
aaa-server RADIUS-GROUP (inside) A.B.C.D
key KEYNAME
(I want to keep console and SSH using LOCAL, so I keep this: "aaa authentication ssh console LOCAL", right?)
What does the rest of the config look like to get RADIUS based AAA for remote access VPN users?
Thanks
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2011 12:33 PM
Hi Greg,
Along with the above commands, you need to configure server-group in the 'tunnel-group
!
'tunnel-group
authentication-server-group RADIUS-SERVER
!
hth
MS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2011 03:34 PM
Hello Greg,
Ssh question? Yes, with the LOCAL you are going to keep it with the database.
Remote access VPN Users ( Web clients) question?
aaa authentication secure-http-client
aaa authentication include https outside 60.60.60.60 255.255.255.255 Radius_server
Please rate helpful posts,
Julio
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2011 11:15 AM
Actually, I was looking for the configuration for standalone VPN client remote access users, not web client users. Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2011 12:33 PM
Hi Greg,
Along with the above commands, you need to configure server-group in the 'tunnel-group
!
'tunnel-group
authentication-server-group RADIUS-SERVER
!
hth
MS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2011 12:44 PM
Thanks MS! is there a way to configure back-up AAA using the locally configured info if the RADIUS server goes off line?
Would it look something like?
!
'tunnel-group
authentication-server-group RADIUS-SERVER LOCAL
!
