04-06-2011 09:46 AM
Hi all.
I search on the internet to find a way or first, to know if it's possible to do what I want to do, but I do not find anything corresponding to what I'm looking for. Possible that I do not have the right key word.
We are changing our old Pix 515e this weekend and for brand new ASA 5510.
With this new installation, I would like to implement the Radius authentication for remote vpn user. Changing the firewall of the company has many impact and for the first phase the user will keep authenticating locally but I need that in phase 2, they will be authenticated via a radius server.
Is there a way to configure both authentication for remote vpn user?
For exemple.
All user will be authenticated locally except the member of the IT Department who will be authenticated by the radius server for testing.
I have remote vpn users around the world so I do not want these users to be blocked by the testing of the radius authentication. What I want is that users in group1 will be authenticated locally on the ASA and users in group2 will be authenticated by the radius. When testing will be done, all users will be transfer to the radius authentication gradually.
Is it possible
Thanks
Jonathan
Network Administrator
Solved! Go to Solution.
04-06-2011 10:13 AM
Hi Jonathan,
The Best way of going about this would be that you set up another Group policy & corresponding tunnel group named Test and set up Radius authentication for that VPN group using the following link :-
Ones you are done testing and feel confident , you can change the authentication type for the Production Group. The other way could be setting up dual authentication like radius and if that fails use Local but personally I will set up a test Group and then ones I am confident I will change the Production Group policy to use Radius Server for auth.
Manish
04-06-2011 10:13 AM
Hi Jonathan,
The Best way of going about this would be that you set up another Group policy & corresponding tunnel group named Test and set up Radius authentication for that VPN group using the following link :-
Ones you are done testing and feel confident , you can change the authentication type for the Production Group. The other way could be setting up dual authentication like radius and if that fails use Local but personally I will set up a test Group and then ones I am confident I will change the Production Group policy to use Radius Server for auth.
Manish
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide