| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| OK, next question. =) Our local sites want to have VPN connectivity to their Edge boxes. How do I go about getting the remote Edge boxes to perform their RADIUS auth through the existing Site-to-Site VPN to our central IAS server? Cheers! |
| |||
| Ah, yes, very true. I forgot to mention the minor point that I run into MEP routing problems when the Edge box performs its authentication. The RADIUS request packets arrive at our central IAS, but the sender IP that is showing is the Edge outer interface. So any responding traffic is sent through the nearest internet gateway and dies somewhere along the way. Had the Edge box used the internal interface or similar, then I would never have this problem, since the route to the Edge LAN is published on the corporate network. I tried Hide NATing the incoming auth requests behind the firewall terminating the VPN, but no luck. |
| |||
| You're not using a routable IP address for the external interface? I don't see how the reply is getting lost out on the internet... If the problem is with the reply not being sent back across the tunnel, can't you add the external Edge IP into the VPN domain for the Edge device? __________________ It's all in the documentation. |