Secondary Authentication on ASA 5520


I would like to know if we could get RADIUS authentication on SSH into the ASA 5520 to failover to local user accounts if the RADIUS server rejects the user request or it i snot available. We need to do this so that configurations can be automatically backed up and checked every day for changes using our SolarWinds console.

I seem to recall that we can configure each type of access, e.g. console, ssh, telnet for one type of authentication without failover.

Any help would be greatly appreciated!
Who is Participating?
lrmooreConnect With a Mentor Commented:
Yes, you can select to use LOCAL if the authentication server cannot be reached.
In the ASDM, Device Management | Users/AAA | AAA Access
Authentication tab.
Select SSH and server group for Radius and check the box "use local when server group fails"
Or from command line:
  aaa authentication ssh console <radius grou> LOCAL

Note: it works best if your LOCAL username/password is the same as on the domain
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.