Cisco – How to configure multiple RADIUS servers in ASA


We have two RADIUS servers for SecureID token auth for VPN, and I have configured 10.1.1.1 (primary), but I don't know how to configure 10.1.1.2 (backup RADIUS).

This is what I have currently:

aaa-server SecureID protocol radius
aaa-server SecureID (inside) host 10.1.1.1
 key *****
 authentication-port 1812
 accounting-port 1813
...
...
tunnel-group ANYCONNECT-PROFILE type remote-access
tunnel-group ANYCONNECT-PROFILE general-attributes
 address-pool ANYCONNECT-POOL
 authentication-server-group SecureID
 default-group-policy GroupPolicy_ANYCONNECT-PROFILE

Best Answer

You can add the second server to the "SecureID" Server Group as well:

aaa-server SecureID (inside) host 10.1.1.2
 key *****
 authentication-port 1812
 accounting-port 1813

Because both AAA servers are in the same server group (server_tag), they are automatically used for the tunnel-group.

See this example from the Cisco CLI Guide: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/aaa_servers.html#27362
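
As an added example (not part of the original answer or of Cisco's documentation), this Python audit reads a saved ASA configuration and reports, for each tunnel-group, which RADIUS hosts its authentication-server-group resolves to and whether a backup host exists. The sample configuration is constructed from the snippets above, and the function names are hypothetical.

```python
import re

# Constructed sample: the question's config with the answer's second host added.
SAMPLE_CONFIG = """\
aaa-server SecureID protocol radius
aaa-server SecureID (inside) host 10.1.1.1
 key *****
 authentication-port 1812
aaa-server SecureID (inside) host 10.1.1.2
 key *****
 authentication-port 1812
tunnel-group ANYCONNECT-PROFILE type remote-access
tunnel-group ANYCONNECT-PROFILE general-attributes
 address-pool ANYCONNECT-POOL
 authentication-server-group SecureID
"""

HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)")
TG_RE = re.compile(r"^tunnel-group (\S+) general-attributes")
AUTH_RE = re.compile(r"^\s+authentication-server-group (?:\(\S+\) )?(\S+)")


def parse(config):
    """Return (hosts per server group, in configured order; server group per tunnel-group)."""
    groups, tunnels, current_tg = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current_tg = None  # a top-level command ends the previous sub-mode
        if m := HOST_RE.match(line):
            groups.setdefault(m.group(1), []).append(m.group(3))
        elif m := TG_RE.match(line):
            current_tg = m.group(1)
        elif current_tg and (m := AUTH_RE.match(line)):
            tunnels[current_tg] = m.group(1)
    return groups, tunnels


def audit(config):
    """Map each tunnel-group to (server group, hosts, has_backup)."""
    groups, tunnels = parse(config)
    return {tg: (tag, groups.get(tag, []), len(groups.get(tag, [])) > 1)
            for tg, tag in tunnels.items()}


if __name__ == "__main__":
    for tg, (tag, hosts, ok) in audit(SAMPLE_CONFIG).items():
        print(f"{tg}: group={tag} hosts={hosts} backup={'yes' if ok else 'NO'}")
```

A tunnel-group whose server group name matches no `aaa-server ... host` line is reported with an empty host list, which catches a mistyped server_tag.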