APM SSL VPN with 2 Radius Token

Hello F5 community,

One question: is it possible to have an APM SSL VPN policy, authenticated through Active Directory and two RADIUS token servers, so that I can use the token code of a RADIUS server to successfully communicate? For example: Client ----> Active Directory --- AND --- (Radius1 --- OR --- Radius2) --- = Successful VPN


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi

It should be possible. What criteria would decide whether Radius 1 or Radius 2 would be used?

For example you could imagine:
1 - AD Auth
2 - AD Query to get the group membership
3 - If Group 1 -> Radius 1 --> Success
4 - If Group 2 -> Radius 2 --> Success

Of course the criteria can be pretty much anything in your case. And you could cascade the Radius. If Radius 1 fails, try Radius 2...

Yoann

0
Comments on this Answer
Comment made 1 week ago by Edward Sinche C 76

Hello Yoann,

How can I, in the F5 VPN portal, select my multiple factor of authentication? If I need to use Radius1, I can select it; if I need to use Radius2, I can select it. Here is an example: https://goo.gl/images/YjACGM

Thanks for your help

0
Comment made 1 week ago by Yoann Le Corvic 236

Hi

OK so are you running 11.5 or >?

If so, then you just need to add a select box in your logon page and then use branch rules to select the right Radius.

Check this out https://devcentral.f5.com/articles/apm-cookbook-multiple-domain-authentication-part-1

This was to select a domain, but just use the same logic with your radius server.

This should help

Let us know if not.

0
Comment made 1 week ago by Edward Sinche C 76

Hello Friend,

I can configure the policy with the article, but it is for multiple Active Directories. I have two different RSA servers. Is it possible to have the same as the article, but only so that I can select either of the RADIUS servers?

0
Comment made 1 week ago by Yoann Le Corvic 236

Hi

Yes, it's possible. You just need to change:
- The variable names, e.g. (radiusserver)
- The content of the select box, e.g. "Radius1;Radius2"
- The decision box in the VPE with the right variables, e.g. session.logon.last.radiusserver, and values, e.g. Radius1 or Radius2

Yoann

0