This post describes how to configure Netscaler Access Gateway appliance to use RADIUS & LDAP as authentication methods.

We do have two scenarios to keep in mind:
1. You must use RADIUS authentication as primary authentication and LDAP as secondary for the native receiver access (mobile devices & receiver)
2. It is preferable to use LDAP authentication as primary authentication and RADIUS as secondary for the receiver for web access (all web browsers)

Attention: I will not go through the steps to create the authentication servers

To configure this task, from the Configuration Utility, go to System > Authentication and create two authentication policies for LDAP and two for RSA

1. Create an LDAP policy for the native receiver


2. Create an LDAP policy for receiver for web


3. Create a Radius policy for receiver for native receiver


4. Create a Radius policy for receiver for receiver for web


Now, you need to bind the policies you just created to your AGVIP. We are going to bind two policies as primary authentication policies and two as secondary authentication policies as follows:

1. Primary authentication policies…


2. Secondary authentication policies…



As last step you need to reconfigure all your vpn session profiles by enabeling Credential index (Client Experience Tab) and set it to Primary for receiver for web profiles and as Secondary for native receiver profiles and reconfigure authentication method on your Storefront gateways and set it to (Domain & Security Token).