Hello F5 community,
One question, it is possible to have an APM SSL VPN policy, authenticated through active directory and two Radius Tokens servers so that I can use the token code of a radius server to successfully communicate, for example Client ---- -> Active Directory --- AND ---- (Radius1 ---- OR ---- Radius2) --- = Successful VPN
It should be possible. What criteria would decide whether Radius 1 or Radius 2 would be used ?
For example you could imagine :
1 - AD Auth
2 - AD Query to get the group membership
3 - If Group 1 -> Radius 1 --> Success
4 - If Group 2 -> Radius 2 --> Success
Of course the criteria can be pretty much anything in your case. And you could cascade the Radius. If Radius 1 fail, try Radius 2...
How i can in the portal of vpn f5, selection my multiple factor of authentication, if i need use the Radius1, i can selecting if i need use the Radius2, i can selecting, it is examplo:
Thanks for you help me
OK so are you running 11.5 or >?
If so then you just need to a select box in your log-on page and then use branch rules to select the right radius.
Check this out
This was to select a domain, but just use the same logic with your radius server.
This should help
Let us know if not.
I can configuration the polity with the articule, but it is for multiples active directory, i have two diferentes server RSA, is possible have the same articule but only if i can selecte anyone of the server radius
Yes it's possible. You just need to change :
- The variable names e.g (radiusserver)
- the content of the select box e.g. "Radius1;Radius2"
- The decision box in the VPE with the right variables, e.g. session.logon.last.radiusserver and and values e.g. Radius1 or Radius2