Cisco ASA 5510 VPN User Auth

ItDepartmentLgs
Level 1

Hi all.

I searched the internet to find a way, or first to know whether it's possible, to do what I want to do, but I did not find anything corresponding to what I'm looking for. It's possible that I do not have the right keyword.

We are changing our old PIX 515E this weekend for a brand new ASA 5510.

With this new installation, I would like to implement RADIUS authentication for remote VPN users. Changing the company firewall has many impacts, and for the first phase the users will keep authenticating locally, but in phase 2 I need them to be authenticated via a RADIUS server.

Is there a way to configure both authentication methods for remote VPN users?

For example:

All users will be authenticated locally except the members of the IT Department, who will be authenticated by the RADIUS server for testing.

I have remote VPN users around the world, so I do not want these users to be blocked by the testing of the RADIUS authentication. What I want is that users in group1 will be authenticated locally on the ASA and users in group2 will be authenticated by the RADIUS server. When testing is done, all users will be transferred to RADIUS authentication gradually.

Is it possible?

Thanks

Jonathan

Network Administrator

Accepted Solutions

manish arora
Level 6

Hi Jonathan,

The best way of going about this would be to set up another group policy and corresponding tunnel group named Test, and set up RADIUS authentication for that VPN group using the following link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Once you are done testing and feel confident, you can change the authentication type for the Production Group. The other way could be setting up dual authentication, like RADIUS and, if that fails, use Local, but personally I will set up a test Group and then, once I am confident, I will change the Production Group policy to use the RADIUS server for auth.

Manish
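
A sketch of the two-tunnel-group layout described in the accepted answer, added here as an example; it is not taken from the post or from the linked Cisco document. It assumes ASA 8.x syntax (7.x uses `type ipsec-ra` instead of `type remote-access`); the server-group name, policy names, production group name, addresses and keys are placeholders.

```cisco
! Constructed example: every name, address and key below is a placeholder.
!
! RADIUS server group, referenced only by the test tunnel group at first
aaa-server RADIUS-TEST protocol radius
aaa-server RADIUS-TEST (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! Phase 1: production users keep authenticating against the ASA local database
group-policy PROD-POLICY internal
tunnel-group PROD-VPN type remote-access
tunnel-group PROD-VPN general-attributes
 authentication-server-group LOCAL
 default-group-policy PROD-POLICY
tunnel-group PROD-VPN ipsec-attributes
 pre-shared-key <prod-group-key>
!
! IT Department test group: same ASA, but authenticated by RADIUS
group-policy TEST-POLICY internal
tunnel-group Test type remote-access
tunnel-group Test general-attributes
 authentication-server-group RADIUS-TEST
 default-group-policy TEST-POLICY
tunnel-group Test ipsec-attributes
 pre-shared-key <test-group-key>
!
! Check that the ASA can reach the RADIUS server before moving anyone:
!   test aaa-server authentication RADIUS-TEST host 192.0.2.10
!
! Phase 2: once testing is done, point the production group at RADIUS
!   tunnel-group PROD-VPN general-attributes
!    authentication-server-group RADIUS-TEST
!
! Variant with LOCAL as fallback. The ASA falls back to LOCAL only when
! no server in the group responds, not when RADIUS rejects the login:
!    authentication-server-group RADIUS-TEST LOCAL
```

Giving each tunnel group its own pre-shared key keeps the test population separate from production. Once a user has been moved to RADIUS, removing that user's local account closes the old LOCAL login path.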
