Hello,
I have a FTD (managed by FMC) with a RA VPN profil where I have configured ISE as AAA server. The ISE server is located in a remote site behind another FTD, so I have creted a L2L between both FTD's. The tunnel works and I have no issue accessing either the ISE server or other resources over the tunnel. The problem is that the radius request from my local FTD newer seems to make it over the tunnel. I can see the radius request in the local logs but they newer shows up in the remote logs. However, if I do a packet-tracer from my local FTD, using the inside interface as a source and ISE as destination, then I will see the traffic in the remote logs.
Here is how I have configured the AAA server that my VPN profile is using
Anyone else using a similiar setup with radius authentication over L2L tunnel and know what the issue might be?
Thanks
/Chess
Yes, the tunnel is working fine and I have no other problems connecting to other remote resources over the tunnel. It just radius requests from the local FTD that not getting through. If have tried with the "test aaa-server authentication" command from the local FTD, but it just gives me the following error "ERROR: Authentication Server not responding: No active server found"
However, a tcp ping works fine. (I cannot test with the real radius port since it udp, so I use 443 instead for the test)
x.x.x.x=ise server ip
y.y.y.y=FTD inside IP
ftd01# ping tcp inside x.x.x.x 443 source y.y.y.y 1125
Type escape sequence to abort.
Sending 5 TCP SYN requests to x.x.x.x port 443
from y.y.y. starting port 1125, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
When looking at the logs on the remote site, I can also verify that my TCP ping is reaching the other side of the tunnel
Thanks
/Chess
