01-04-2021 05:17 AM
Hi,
I have an ISE RADIUS server on the other side of a L2L tunnel and I need to authenticate some RA VPN clients that are connecting to my local FTD 1010.
If I test from a radius client on my network using a radius test tool, I have no problem reaching the radius server, so the issue seems to be when sending the requests from the FTD device.
I just saw a similar case, but with two ASAs, and the solution there was to add the command "management-access inside", but I am not sure how to add this command from FMC.
Here is the post about it on the ASA: https://community.cisco.com/t5/network-access-control/radius-over-sito-to-site-vpn/td-p/1995180
Anyone know how to get this to work?
Thanks
/Chess
01-04-2021 05:31 AM
The source interface of the RADIUS requests needs to be defined in the crypto ACL as it would need to be routed over the VPN. That command can be added via flexconfig.
01-04-2021 06:36 AM
I added the management-access inside command in flexconfig and that solved it.
Thanks for your help.
/Chess