
RADIUS Server Traffic over L2L VPN

fatalXerror
Level 5

Hello Guys,

I have a RADIUS server located in our head office and we have a connection there via site-to-site VPN from our branch office using FTD. The use case is that I want to authenticate my remote access VPN using the RADIUS server.

However, when I tried it, it cannot communicate from the inside interface of FTD to the RADIUS over the IPsec VPN tunnel. When I checked the internet, it stated I need to have the "management-access" command but I think it is not supported in the FTD.

Thanks

5 Replies

Hi,
Currently, you need to configure the "management-access" command using FlexConfig.

HTH

Hi @Rob Ingram, thanks for your feedback. I will try this one.

But just wondering, I put the whole subnet in the crypto ACL for my site-to-site VPN. This means that the interface of my FTD should be included already, right, and there is no need for the management-access command?

Thanks

You will need the inside interface as part of the crypto ACL to identify interesting traffic, but you will also need the management-access command defined in order to connect to the ASA via the inside interface when managing over a VPN tunnel which terminates on the outside interface.

HTH

Hi @Rob Ingram, noted on that. Can I use the actual command instead of using a variable in creating FlexConfig? Thanks

Yes, you can use the actual command syntax in FlexConfig; you do not need to use the variable.