I have 2 tunnel-groups:
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
authorization-server-group (inside) LOCAL
authorization-server-group (outside) LOCAL
tunnel-group test ipsec-attributes
tunnel-group Users type ipsec-ra
tunnel-group Users general-attributes
tunnel-group Users ipsec-attributes
Usaers is the production vpn access group, it uses the LOCAL database for authentication and most important for this question - it is working well.
test as you can guess is a test group that was created back in the time that I configured ASA5505 for the first time. it is also working.
both groups use the same LACAL database BUT as you can see the Users group doesn't have anything to show it.
I have to change the authentication from LOCAL to RADIUS (which I've tested from that ASA and working fine). I want to start by testing the test group and if it's all good - apply on the Users group.
how should I do it?
how do I make RADIUS primary authentication source with fall back to the LOCAL if RADIUS is down?