02-10-2022 10:31 AM
Hello,
I have an ASA 5508-X running FTD code in a site-to-site VPN w/ FMC. Hosts on the inside interface are able to auth via RADIUS through the VPN tunnel. However, the FTD itself is unable to pass RADIUS through the VPN. How can I configure the device to send RADIUS traffic via the inside interface rather than the outside int? Any advice would be greatly appreciated.
Thanks,
02-10-2022 10:36 AM
Take an example:
A----B VPN tunnel, RADIUS server on the A side, and you would like B-side LAN devices to send RADIUS packets via the tunnel?
If the traffic to that IP address is routed via the tunnel, then it will work,
or do we understand the requirement wrong here?
02-10-2022 10:43 AM
The VPN is working and passing traffic from LAN B to LAN A, where the RADIUS server resides; a client can authenticate via the VPN from LAN B. The issue is trying to authenticate to the FTD itself. For example, when setting up Cisco AnyConnect access to the FTD, I have to use local accounts rather than pass the traffic through the VPN as if it were LAN B. Does that make sense?
02-11-2022 01:28 AM - edited 02-11-2022 11:18 PM
As the authentication traffic in this case will be exchanged via the management interface, I think you would need to allow and include the FTD management port IP/subnet over the VPN tunnel. You would also need to add the FTD management IP address to the RADIUS server as a client.
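The two conditions named in the reply above (the FTD management IP must fall inside the tunnel's protected networks, and the RADIUS server must list that IP as a client) can be checked against your own values before touching the FMC. This is an added illustration, not code from the thread; every address and subnet below is a constructed placeholder, and it assumes you can export the tunnel's protected-network pairs and the RADIUS server's client list by hand.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample data (replace with your own):
# (local network on the FTD side, remote network on the RADIUS side)
PROTECTED_NETWORKS: List[Tuple[str, str]] = [("10.2.0.0/24", "10.1.0.0/24")]
FTD_MGMT_IP = "10.2.99.5"          # FTD management interface (separate subnet)
RADIUS_SERVER_IP = "10.1.0.10"     # RADIUS server on the far side of the tunnel
RADIUS_CLIENTS = ["10.2.0.0/24"]   # networks the RADIUS server currently accepts


def covered_by_tunnel(src: str, dst: str,
                      protected: Iterable[Tuple[str, str]]) -> bool:
    """True if a src->dst flow matches any protected-network pair (crypto ACL)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
               for local, remote in protected)


def is_radius_client(src: str, clients: Iterable[str]) -> bool:
    """True if the RADIUS server has a client entry that includes src."""
    s = ipaddress.ip_address(src)
    return any(s in ipaddress.ip_network(c, strict=False) for c in clients)


def diagnose(mgmt_ip: str, radius_ip: str,
             protected: Iterable[Tuple[str, str]],
             clients: Iterable[str]) -> List[str]:
    """Return the findings that explain why RADIUS from the FTD itself fails."""
    findings = []
    if not covered_by_tunnel(mgmt_ip, radius_ip, protected):
        findings.append("management IP is not in the tunnel's protected networks")
    if not is_radius_client(mgmt_ip, clients):
        findings.append("management IP is not configured as a RADIUS client")
    return findings


if __name__ == "__main__":
    for f in diagnose(FTD_MGMT_IP, RADIUS_SERVER_IP, PROTECTED_NETWORKS, RADIUS_CLIENTS):
        print("FINDING:", f)
```

With the sample data both findings are reported; adding the management subnet to the protected networks and to the RADIUS client list clears them.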