FTD Radius Traffic Through Site-Site VPN

Travis307
Level 1

Hello,

 

I have an ASA 5508-X running FTD code in a site-to-site VPN with FMC. Hosts on the inside interface are able to auth via RADIUS through the VPN tunnel. However, the FTD itself is unable to pass RADIUS through the VPN. How can I configure the device to send RADIUS traffic via the inside interface rather than the outside interface? Any advice would be greatly appreciated.

 

Thanks,

 

3 Replies

balaji.bandi
Hall of Fame

Take an example:

 

A----B VPN tunnel, RADIUS server on the A side, and you would like the B-side LAN devices to send RADIUS packets via the tunnel?

 

If the traffic to that IP address is routed via the tunnel, then it will do,

 

or do we understand the requirement wrong here?

 

BB


The VPN is working and passing traffic from LAN B to LAN A where the RADIUS server resides; a client can authenticate via the VPN from LAN B. The issue is trying to authenticate to the FTD itself. For example, when setting up Cisco AnyConnect access to the FTD, I have to use local accounts rather than pass the traffic through the VPN as if it were LAN B. Does that make sense?

As the authentication traffic in this case will be exchanged via the management interface, I think you would need to allow and include the FTD management port IP/subnet over the VPN tunnel. You would also need to add the FTD management IP address to the RADIUS server as a client.
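The reply above boils down to two checks: the FTD management address must fall inside the tunnel's local protected networks (so its packets to the RADIUS server match the interesting-traffic selection), and that same address must be registered as a client on the RADIUS server. The script below is an added illustration of those two checks, not code from this thread or from Cisco; every address in it is constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class SiteToSiteVpn:
    """Protected networks of a site-to-site tunnel (constructed model, not FMC's data model)."""
    local_networks: list   # networks on the FTD (LAN B) side of the tunnel
    remote_networks: list  # networks on the RADIUS server (LAN A) side


def matches_interesting_traffic(vpn: SiteToSiteVpn, src_ip: str, dst_ip: str) -> bool:
    """True if a packet src->dst is selected for the tunnel (local src AND remote dst)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    local_ok = any(src in ipaddress.ip_network(n) for n in vpn.local_networks)
    remote_ok = any(dst in ipaddress.ip_network(n) for n in vpn.remote_networks)
    return local_ok and remote_ok


def diagnose(vpn: SiteToSiteVpn, mgmt_ip: str, radius_server: str, radius_clients: list) -> list:
    """Return the list of configuration gaps that would stop the FTD itself from reaching RADIUS."""
    findings = []
    if not matches_interesting_traffic(vpn, mgmt_ip, radius_server):
        findings.append(
            f"management IP {mgmt_ip} -> {radius_server} is not covered by the tunnel's "
            "protected networks; add the management IP/subnet to the local networks")
    mgmt = ipaddress.ip_address(mgmt_ip)
    if not any(mgmt in ipaddress.ip_network(c) for c in radius_clients):
        findings.append(
            f"management IP {mgmt_ip} is not a registered RADIUS client; add it on the server")
    return findings


if __name__ == "__main__":
    # Constructed sample: LAN B hosts work, the FTD's own management address does not.
    vpn = SiteToSiteVpn(local_networks=["10.2.0.0/24"], remote_networks=["10.1.0.0/24"])
    for gap in diagnose(vpn, "192.0.2.10", "10.1.0.5", ["10.2.0.0/24"]):
        print("FIX:", gap)
```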