ASA with Radius - reactivation mode (depletion or timed)

slizarraga
Level 1

I have a Firepower firewall running ASA 9.14.4 software. This device ends near 5000 VPN endpoints (1800 are AnyConnect clients).

I have an AAA RADIUS group with 2 servers. The configuration running for reactivation is the default (depletion and 10 minutes for dead time).
My question is: what are the pros and cons of each reactivation mode?

I have some issues every 1 or 2 days, for some 15 to 20 minutes, when customers stop authenticating and I see a FAILED log for both RADIUS servers. I know that the solution must be to go and look at the servers, but I really think that the reactivation mode with failing servers is a bad combination, because of the dead time of 10 minutes.

Apart from checking the servers, which reactivation configuration is suggested? Should I change to timed, or should I try decreasing the dead time?
Thanks!!!

2 Replies

Are both RADIUS servers in the same group?

Yes MHM, they are both in the same group.