VPN Access Using Local and Radius

Discussion in 'Hardware' started by chris10e, Sep 19, 2009.

  1. chris10e


    Sep 19, 2009
    Likes Received:

    Do you have any idea how to authenticate VPN users using both local and radius? I can login using radius but not with local. If I tried to remove authentication-server-group MY_VPN at tunnel group, i can login locally but not radius.

    here is my present configuration below for ASA7.2.

    aaa-server RADIUS_IAS protocol radius
    aaa-server RADIUS_IAS host 10.y.y.y
    key *

    group-policy MY_VPN internal
    group-policy MY_VPN attributes
    dns-server value 10.x.x.x
    vpn-tunnel-protocol IPSec
    group-lock value VPN_CONNECTION
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value RADIUS_IAS
    default-domain value my.com
    split-dns value my.com

    tunnel-group VPN_CONNECTION type ipsec-ra
    tunnel-group VPN_CONNECTION general-attributes
    address-pool IP_POOL
    authentication-server-group MY_VPN
    default-group-policy MY_VPN
    tunnel-group VPN_CONNECTION ipsec-attributes
    pre-shared-key *
    isakmp keepalive threshold 90

    your help is highly appreciated.

    I tried "authentication-server-group <aaa-server-group name> LOCAL" but still can't make it work.
    chris10e, Sep 19, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.