I have a Cisco ASA5506-X (ver. 9.8(2)20, ASDM 7.9(1)151) at my remote site. I want to set up VPN access with authentication from Active Directory. I also want to use AD passwords for auth in ASDM and SSH (if that fails, use LOCAL).
I already did this in the past on a Cisco PIX515E and a Cisco ASA5505 using this manual:
But now I have trouble because it is the first time I am using a RADIUS server (NPS) located at the remote site (behind an IPsec site-to-site tunnel). When I try to execute the test, I receive a timeout.
Built outbound UDP connection 2053719 for outside:192.168.111.246/1645 (192.168.111.246/1645) to identity:18.104.22.168/7272 (22.214.171.124/7272)
where 192.168.111.246 is the IP of my NPS server located at the remote site behind IPsec.
126.96.36.199 is the public IP of my ASA5506.
I guess I need to add a NAT exemption between the inside-bridge and outside interfaces, as I did for the inside1 and inside2 interfaces, in order to avoid NATting into the outside interface.
nat (inside-bridge,outside) 7 source static inside-bridge-network inside-bridge-network destination static bs-office-networks bs-office-networks no-proxy-arp route-lookup
But I cannot do it:
P.S. If I ping 192.168.111.246 from the ASA with source inside-bridge, the ping is successful, but it fails from inside1 or inside2 OR without a source interface:
P.P.S.: I understand that I could publish my remote NPS server's ports 1645-1646 on the internet IP address at the remote site and specify that address on the ASA (with the outside interface as source), but I don't want to do that (security considerations).
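The log line in the question shows the RADIUS request leaving from the ASA's own outside address ("identity"), which is not covered by the site-to-site crypto ACL, so it never enters the tunnel. The ASA lets you pin the source interface of an AAA server in the host definition, and the ping test in the question (success only with "source inside-bridge") suggests the inside-bridge subnet is the one the tunnel carries. The configuration below is an added example and not the poster's configuration; the shared secret, the tunnel-group name RA-VPN, the test credentials, and the use of the BVI name inside-bridge as the AAA source interface are all assumptions (if the ASA rejects a BVI there, substitute the routed interface whose subnet is in the crypto ACL).

```text
! Added example, not the poster's configuration. Assumptions:
!  - the RADIUS shared secret is "SuperSecret" (placeholder)
!  - inside-bridge is the interface whose subnet (inside-bridge-network)
!    is matched by the site-to-site crypto ACL, as the poster's
!    "ping ... source inside-bridge" test suggests
!  - NPS listens on the legacy RADIUS ports 1645/1646 seen in the log
!
! 1. RADIUS server group pointing at NPS. The "(inside-bridge)" source
!    interface makes the ASA send the request from that interface's
!    address instead of the outside/identity address, so the packet
!    is interesting traffic for the IPsec tunnel.
aaa-server NPS protocol radius
 max-failed-attempts 3
 reactivation-mode timed
aaa-server NPS (inside-bridge) host 192.168.111.246
 key SuperSecret
 authentication-port 1645
 accounting-port 1646
 timeout 10
!
! 2. ASDM / SSH / enable authenticate against AD via NPS, LOCAL as
!    fallback. With LOCAL listed after the group, the local user
!    database is consulted only when every server in the NPS group is
!    unreachable, never on a rejected AD password.
aaa authentication http console NPS LOCAL
aaa authentication ssh console NPS LOCAL
aaa authentication enable console NPS LOCAL
!
! 3. Remote-access VPN tunnel-group uses the same server group
!    (tunnel-group name is an assumption).
tunnel-group RA-VPN general-attributes
 authentication-server-group NPS LOCAL
!
! 4. Verify from the ASA CLI with a test AD account (credentials are
!    placeholders). A reply, even "Authentication: Rejected", proves the
!    request reached NPS through the tunnel; a timeout means it did not.
test aaa-server authentication NPS host 192.168.111.246 username testuser password P@ssw0rd
```

After applying this, a retry of the test should produce a "Built outbound UDP connection" log whose source is the inside-bridge address rather than "identity:<public IP>", and the encaps/decaps counters in "show crypto ipsec sa" for the peer should increment. Keep a local fallback account with a strong password, since the LOCAL entry above is exactly what you will log in with if the tunnel or NPS is down.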