03-27-2022 03:57 PM
I have a Firepower firewall running ASA 9.14.4 software. This device ends near 5000 VPN endpoints (1800 are AnyConnect clients).
I have an AAA RADIUS group with 2 servers. The configuration running for reactivation is the default (depletion and 10 mins for dead time).
My question is what are the pros or cons of each reactivation mode?
I have some issues every 1 or 2 days for some 15 to 20 minutes when customers stop authenticating and I see a FAILED log for both Radius servers. I know that the solution must go and look for the servers, but I really think that the reactivation mode with failing servers is a bad combination, because of the dead time of 10 minutes.
Apart from checking the servers, which reactivation configuration is suggested? Should I change to timed, or should I try decreasing the dead time?
Thanks!!!
03-27-2022 04:44 PM
Are both RADIUS servers in the same group?
03-27-2022 05:15 PM
Yes MHM, they are both in the same group.