• Advertisement

vpn authentication

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.

vpn authentication

Postby Guest » Tue Jan 11, 2011 3:36 pm


I have 2 tunnel-groups:

tunnel-group test type ipsec-ra

tunnel-group test general-attributes

address-pool VPN_Pool

authorization-server-group LOCAL

authorization-server-group (inside) LOCAL

authorization-server-group (outside) LOCAL

default-group-policy test

authorization-required

tunnel-group test ipsec-attributes

pre-shared-key *

and

tunnel-group Users type ipsec-ra

tunnel-group Users general-attributes

address-pool VPN_Pool

default-group-policy Users

tunnel-group Users ipsec-attributes

pre-shared-key *

Usaers is the production vpn access group, it uses the LOCAL database for authentication and most important for this question - it is working well.

test as you can guess is a test group that was created back in the time that I configured ASA5505 for the first time. it is also working.

both groups use the same LACAL database BUT as you can see the Users group doesn't have anything to show it.

I have to change the authentication from LOCAL to RADIUS (which I've tested from that ASA and working fine). I want to start by testing the test group and if it's all good - apply on the Users group.

how should I do it?

how do I make RADIUS primary authentication source with fall back to the LOCAL if RADIUS is down?

Guest
 

Advertisement

Re:vpn authentication

Postby Guest » Tue Jan 11, 2011 4:13 pm


You would go into your tunnel group settings and change the settings accordingly like this:

tunnel-group test general-attributes

authentication-server group <radius srvr name> LOCAL

This will cause the tunnel group to use Radius first and Local if Radis fails. Note you might want to remove the authorization part of your setup.

Guest
 

Re:vpn authentication

Postby Guest » Tue Jan 11, 2011 5:24 pm


currently my LOCAL apply different privilege levels. when switching to IASAD will I still have a way to enforce different privilege levels?

Guest
 

Re:vpn authentication

Postby Guest » Tue Jan 11, 2011 6:17 pm


Privilege as in privilege levels?

Guest
 

Re:vpn authentication

Postby Guest » Tue Jan 11, 2011 6:35 pm


yes

1 for non-admin users who require vpn access only

15 for admin who require console management access in addition for their vpn access

Guest
 

Next


  • Advertisement


Similar topics


Return to Virtual Private Networks

Who is online

Users browsing this forum: No registered users and 2 guests

cron