Ben, Yes you can. On the asa, creat aaa server group. Create a group-policy and specify that it is external Under the tunnel group general attributes specify authentication-server-group as the server group crated earlier.
-Srikant Sent from my iPhone On Sep 19, 2012, at 10:37 AM, Ben Shaw <[email protected]> wrote: Hi All I am reviewing Easy VPN knowledge on both ASA and IOS this morning and can't see how to check the group PSK against an external RADIUS server on ASA. I can perform XAUTH against the RADIUS server and also reference an external group policy on that server applied to the tunnel group but can't see what I need to do to actually have the ASA check the RADIUS server for the Phase 1 group password. On IOS I did the following to do this: aaa authorization network easyrad group radius aaa authentication login easyrad group radius crypto isakmp profile vi client authentication list easyrad isakmp authorization list easyrad Is there a way to achieve the following in ASA for centralized P1 and P1.5 authentication and authorization on ASA? Thanks Ben _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
