Radius Authentication - Remote LAN

Locayta123
Level 1

Hi all.

I am attempting to configure RADIUS authentication across a site-to-site VPN for my ASA 5510-01 for remote access.

ASA5510-1 currently has a live site to site to ASA5510-2.

ASA 5510-1 - 10.192.0.253

ASA 5510-2 - 172.16.102.1

DC - 172.16.102.10

ASA5510-01 can ping the DC and vice versa but is unable to authenticate when I perform a test. ASA5510-01 can authenticate to a DC on its own LAN but not on the remote LAN that DC sits on.

I have double checked the 'Server Secret Key' and ports as well as various users which all work locally. ASA5510-02 authenticates to DC with no problems.

3 Replies

Tarik Admani
VIP Alumni

Hi,

When authenticating via RADIUS you need to point the ASA to a RADIUS server. Are the DCs running Microsoft IAS? If so, can you post the contents of your RADIUS server configuration, and also are you using the proper interfaces for these RADIUS servers?

You can also set up a capture on the ASA for ports 1645, 1646 along with 1812 and 1813 (depending on how you configured your RADIUS servers) and see if the response is leaving on the right interface.

Also what command are you using when you attempt the test?

Thanks,

Tarik Admani
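
What the capture suggested above is meant to answer, as an added example that is not part of the thread: a Python script that tallies RADIUS datagrams to and from the DC per source address, so you can see whether requests leave at all, which address they are sourced from, and whether any reply returns. It assumes the capture is available as tcpdump-style text lines (`src.port > dst.port: udp len`); the sample lines are constructed and the function names are this example's own.

```python
import re

RADIUS_PORTS = {1645, 1646, 1812, 1813}  # the ports named in the reply above
# Assumed line layout: "<n>: <time> src.port > dst.port:  udp <len>"
PKT = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):\s+udp")

def radius_flows(lines, server):
    """Per client address: datagrams sent to / received from the RADIUS server."""
    flows = {}
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # not a UDP packet line
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if dst == server and dport in RADIUS_PORTS:
            flows.setdefault(src, {"sent": 0, "received": 0})["sent"] += 1
        elif src == server and sport in RADIUS_PORTS:
            flows.setdefault(dst, {"sent": 0, "received": 0})["received"] += 1
    return flows

def diagnose(flows, expected_client):
    """Reduce the counts to the question the capture is meant to answer."""
    if not flows:
        return "no RADIUS traffic on this capture point"
    if expected_client not in flows:
        # The server identifies its RADIUS clients by source address.
        return "requests sourced from " + ", ".join(sorted(flows))
    f = flows[expected_client]
    if f["sent"] and f["received"]:
        return "request and reply both seen"
    if f["sent"]:
        return "requests sent, no reply seen"
    return "replies seen but no request on this capture point"

# Constructed sample: three retransmitted requests from ASA5510-01, no reply.
SAMPLE = """\
   1: 10:15:01.100000 10.192.0.253.1025 > 172.16.102.10.1645:  udp 84
   2: 10:15:06.100000 10.192.0.253.1025 > 172.16.102.10.1645:  udp 84
   3: 10:15:11.100000 10.192.0.253.1025 > 172.16.102.10.1645:  udp 84
""".splitlines()

if __name__ == "__main__":
    flows = radius_flows(SAMPLE, "172.16.102.10")
    print(flows)
    print(diagnose(flows, "10.192.0.253"))
```
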

The DCs are running Microsoft IAS.

ASA5510-02 which is on the same network / subnet as the DC can authenticate against it.

ASA5510-01 which is on a remote LAN over the VPN is unable to authenticate to it. I have replicated the AAA configs.

Hi Jamie,

Can you post your RADIUS server configuration from your ASA?

Sent from Cisco Technical Support iPad App
