Create an ASA RADIUS server group

A RADIUS server group contains one or more RADIUS server objects. Servers in the group must be copies of each other and form a backup chain.

Use the following procedure to create a RADIUS server group:

Procedure


Step 1

In the left pane, click Objects.

Step 2

Click Create Object > RA VPN Objects (ASA & FDM) > Identity Source.

Step 3

Enter an Object name for the object.

Step 4

Select the Device Type as ASA.

Step 5

Select RADIUS Server Group as the Identity Source Type. Click Continue.

Step 6

Edit the Identity Source configuration with the following properties:

  • Dead Time : Time to wait after the last server fails before reactivating all servers. Failed servers are reactivated only after all servers have failed.

  • Maximum Failed Attempts : Number of failed requests sent to a RADIUS server before the system tries the next server. When this number is exceeded, the system marks the server as failed.

  • Dynamic Authorization/Port : Optional change of authorization (CoA) services. Enable only when this server group is used in RA VPN with Cisco ISE.

Step 7

Select an AD realm that supports the RADIUS server from the drop-down menu. If you have not already created an AD realm, click Create from inside the drop-down menu.

Step 8

Click the RADIUS SERVER Add button to add existing RADIUS server objects. Optionally, you can create a new RADIUS server object from this window if necessary.

Note

Add RADIUS server objects in priority order. The first server is used until it becomes unresponsive, and ASA then uses the next server in the list.

Step 9

Review and deploy the changes you made now, or wait and deploy multiple changes at once.
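
The following added example (not Cisco code and not part of the original procedure) models how Maximum Failed Attempts, Dead Time and the priority order from Step 8 interact, so you can reason about failover before deploying. The class, the server names, the abstract time unit and the rule that each login retries a server up to the limit are assumptions made for illustration.

```python
class RadiusServerGroup:
    """Simplified model of the failover rules described in this procedure."""

    def __init__(self, servers, max_failed_attempts, dead_time):
        self.servers = list(servers)        # priority order, as added in Step 8
        self.max_failed_attempts = max_failed_attempts
        self.dead_time = dead_time          # same time unit as `now` below
        self.failures = dict.fromkeys(self.servers, 0)
        self.failed = set()
        self.all_failed_at = None           # time the last server was marked failed

    def _reactivate_if_due(self, now):
        # Failed servers come back only after ALL have failed and Dead Time has passed.
        if self.all_failed_at is not None and now - self.all_failed_at >= self.dead_time:
            self.failed.clear()
            self.failures = dict.fromkeys(self.servers, 0)
            self.all_failed_at = None

    def authenticate(self, now, reachable):
        """Return the name of the server that answers at `now`, or None."""
        self._reactivate_if_due(now)
        for server in self.servers:
            if server in self.failed:
                continue
            # Assumption: the server is marked failed once its consecutive
            # unanswered requests reach Maximum Failed Attempts.
            while self.failures[server] < self.max_failed_attempts:
                if server in reachable:
                    self.failures[server] = 0
                    return server
                self.failures[server] += 1
            self.failed.add(server)
            if len(self.failed) == len(self.servers):
                self.all_failed_at = now
        return None


def demo():
    # Constructed scenario: two servers, 3 attempts each, Dead Time of 10 units.
    group = RadiusServerGroup(["radius-a", "radius-b"], 3, 10)
    both = {"radius-a", "radius-b"}
    return [
        group.authenticate(0, both),          # first server answers
        group.authenticate(1, {"radius-b"}),  # first server marked failed
        group.authenticate(2, both),          # first server is back but stays unused
        group.authenticate(3, set()),         # second server fails too: none left
        group.authenticate(5, both),          # inside Dead Time: nothing is tried
        group.authenticate(13, both),         # Dead Time elapsed: all reactivated
    ]
```

In this model a recovered first server carries no traffic until every server in the group has failed and Dead Time has elapsed, so a long Dead Time extends the window in which RA VPN logins cannot be authenticated by this group.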