Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
740
Views
0
Helpful
1
Replies

Use diagnostic interface to route to ISE for Radius

Dan Eyster
Cisco Employee
Cisco Employee

‎06-28-2019 11:14 AM - edited ‎02-21-2020 09:15 AM

I have a customer that needs to use the diagnostic interface to reach their ISE server for VPN radius auth.  He added a route to the diagnostic interface in FMC and can ping it from the CLI.  However, when he tests the VPN connection, the syslog messages show that the ISE/Radius server cannot be reach.  We also configured the radius server group to use the interface to reach the ISE server.  Leaving it blank sets FMC/FTD to use the diagnostic interface to connect.

 

TIA,

 

Dan

Labels:
0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎06-29-2019 07:57 PM

Hi

When you configure a radius server you have 2 choices: routing or interface.
When you choose interface and you select your diagnostic, do you see any logs on your ise or did you run a tcpdump to see if packets are coming in?
Why you want to use the diagnostic interface which is not recommended to be configured by Cisco?
Can you share your config regarding radius?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card