ASA NAT question for external RADIUS

jkay18041
Level 3

I have an ASA with an interface set up to do NAT for an external RADIUS server I'm trying to set up. I can't seem to get my NAT to work correctly. I'm using a Windows Server box for NPS. When I do a packet capture on the RADIUS server (I set up a wireless SSID at home that tries to connect to this remote RADIUS server without VPN; I used the public IP of the RADIUS box and have port forwarded port 1812 to the server), I can see the packets come in, but it shows the wireless AP's local IP as the NAS-IP-Address instead of my home's public IP. So I'm assuming I've messed up NAT. I was hoping someone could help me. I'll post my config below. I'm using ASDM to configure the ASA. The RADIUS server is 10.155.1.250.

Thank you

: Serial Number:
: Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
:
ASA Version 9.1(7)32
!
hostname ciscoasa
enable password sAKEzuplXCwaDQv/ encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 100.211.219.80 255.255.255.192
!
interface GigabitEthernet0/1
description Test Environment
shutdown
nameif inside
security-level 100
ip address 10.15.2.251 255.255.255.0
!
interface GigabitEthernet0/2
nameif ICTWebHost02
security-level 50
ip address 10.250.1.251 255.255.255.0
!
interface GigabitEthernet0/2.1
description To Radius Server
vlan 155
nameif Radius
security-level 10
ip address 10.155.1.251 255.255.255.248
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa917-32-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network 10.15.2.0_nat
subnet 10.15.2.0 255.255.255.0
object network TestPC02
host 10.15.2.84
object network Raidus_Auth_1814
host 10.155.1.250
description WebRadius01
object network TestHost
host 10.15.2.75
object service tcp-1433
service tcp source eq 1433
object service 3398
service tcp source eq 3398
object network obj-100.211.219.80
host 100.211.219.80
object network 100.211.219.90
host 100.211.219.90
object network ICTWebHost02_Network
subnet 10.250.1.0 255.255.255.0
description ICTWebHost02
object network 10.250.1.0_nat
subnet 10.250.1.0 255.255.255.0
description webhostnat
object network 100.211.219.85
host 100.211.219.85
object network Test_Network
host 10.15.2.0
description 255.255.255.0
object network Test
subnet 10.15.2.0 255.255.255.0
description Test
object network 100.211.219.103
host 100.211.219.103
description Radius Server Nat IP
object network Radius_Server_Network
subnet 10.155.1.248 255.255.255.248
description Radius_Network
object service Radius_Auth
service tcp source eq 1812 destination eq 1812
description Radius Auth
object network 100.211.219.64_27
subnet 100.211.219.64 255.255.255.224
object service 1812
service udp source eq 1812 destination eq 1812
description radius_Auth
object-group service Radius_Auth1812 udp
description Radius_Auth
port-object eq 1812
object-group service Radius_Auth_43251 udp
description Radius_Auth_42351
port-object eq 42351
access-list outside-inside extended permit tcp 100.211.219.64 255.255.255.192 object TestPC02 eq 3397 inactive
access-list outside-inside extended permit tcp host 100.224.142.174 object TestHost eq ftp inactive
access-list outside-inside extended permit ip any object Raidus_Auth_1812
access-list outside-inside extended permit udp any4 any eq 1812
access-list ICTWebHost02_access_in extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list Radius_access_in extended permit ip any any
access-list Radius_access_in extended permit udp any any eq 1812
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu ICTWebHost02 1500
mtu Radius 1500
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface ICTWebHost02
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-781-150.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static 10.15.2.0_nat 100.211.219.85
nat (ICTWebHost02,outside) source static ICTWebHost02_Network 100.211.219.90
nat (any,Radius) source dynamic any 100.211.219.103 destination static Raidus_Auth_1812 Raidus_Auth_1812
nat (Radius,outside) source static Radius_Server_Network 100.211.219.103 description Radius
access-group outside-inside in interface outside
access-group inside_access_in in interface inside
access-group ICTWebHost02_access_in in interface ICTWebHost02
access-group Radius_access_in in interface Radius
route outside 0.0.0.0 0.0.0.0 100.211.219.65 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 100.211.219.66 255.255.255.255 outside
snmp-server host outside 100.211.219.66 poll community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 100.211.219.66 255.255.255.255 outside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl encryption dhe-aes256-sha1 dhe-aes128-sha1 aes256-sha1
username admin password
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:
: end

Accepted Solution

Francesco Molino
VIP Alumni
Hi

You're referencing the object Raidus_Auth_1812 but I don't see it in your config. Even though I'm looking at it on my iPhone, a search doesn't give me any result.

What are these 2 NATs for:
nat (any,Radius) source dynamic any 100.211.219.103 destination static Raidus_Auth_1812 Raidus_Auth_1812
nat (Radius,outside) source static Radius_Server_Network 100.211.219.103 description Radius

Also these 2 ACEs:
access-list outside-inside extended permit ip any object Raidus_Auth_1812
access-list outside-inside extended permit udp any4 any eq 1812

The correct object I see in your config is:
object network Raidus_Auth_1814
host 10.155.1.250

What you can do is replace the previous ACEs with these ones:

access-list outside-inside extended permit udp any object Raidus_Auth_1814 eq 1812
access-list outside-inside extended permit udp any object Raidus_Auth_1814 eq 1813

The NAT config would be (remove the ones I mentioned before):

object network Raidus_Auth_1814
nat (radius,outside) static 100.211.219.103

I believe 100.211.219.103 is the public IP you want to reserve for a full NAT for your RADIUS.

Once you've done that, run the following command and paste the output:
packet-tracer input outside udp 8.8.8.8 1812 100.211.219.103 1812 detail

Now, you said before that you're not seeing your public IP but your internal IP. Please test again and share the capture if it doesn't work.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
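
As an added example (not from the thread, and not Francesco's or the poster's config), here is a tighter version of the accepted fix for the same box. Instead of a full 1:1 static NAT that exposes every listening port of 10.155.1.250 on 100.211.219.103, it uses port-restricted object NAT for UDP 1812/1813 only, and it narrows the outside ACL from "any" to the home's public address, since RADIUS protects its shared secret with nothing stronger than MD5. The address 203.0.113.10 (the home AP's public IP as seen by the ASA) and the object names Raidus_Acct_1813 and Home_AP_Public are assumed placeholders. One caveat the thread does not spell out: NAT rewrites only the IP header. The NAS-IP-Address attribute is set by the AP inside the RADIUS payload and will still carry the AP's private address after translation; what NPS matches its RADIUS client entry against is the UDP source address of the packet, so the client on NPS has to be defined with the home's public IP (and the matching shared secret), not with what NAS-IP-Address says.

```cisco
! Added example, not from the thread. Assumed placeholders: 203.0.113.10 is the home
! AP's public address as seen by the ASA; Raidus_Acct_1813 and Home_AP_Public are new names.
!
! 1. Drop the two manual (twice) NAT rules. They live in NAT section 1 and would be
!    matched before any object NAT defined below.
no nat (any,Radius) source dynamic any 100.211.219.103 destination static Raidus_Auth_1812 Raidus_Auth_1812
no nat (Radius,outside) source static Radius_Server_Network 100.211.219.103
!
! 2. Port-restricted static NAT: only UDP 1812 (auth) and 1813 (acct) of the NPS box are
!    reachable on 100.211.219.103, instead of a full 1:1 that exposes every listening port.
object network Raidus_Auth_1814
 host 10.155.1.250
 nat (Radius,outside) static 100.211.219.103 service udp 1812 1812
!
object network Raidus_Acct_1813
 host 10.155.1.250
 nat (Radius,outside) static 100.211.219.103 service udp 1813 1813
!
! 3. Only the home NAS may reach the server. ACLs reference the real (pre-NAT) address
!    on 8.3+ code, which is why the destination object is the 10.155.1.250 host object.
object network Home_AP_Public
 host 203.0.113.10
 description Home public IP (assumed placeholder)
!
no access-list outside-inside extended permit ip any object Raidus_Auth_1812
no access-list outside-inside extended permit udp any4 any eq 1812
access-list outside-inside extended permit udp object Home_AP_Public object Raidus_Auth_1814 eq 1812
access-list outside-inside extended permit udp object Home_AP_Public object Raidus_Auth_1814 eq 1813
!
! 4. Verify. The trace should end with "Action: allow" and show the static xlate to
!    10.155.1.250; the capture on the Radius interface should show the untranslated
!    203.0.113.10 as source and 10.155.1.250 as destination.
packet-tracer input outside udp 203.0.113.10 49152 100.211.219.103 1812 detailed
capture rad interface Radius match udp host 203.0.113.10 host 10.155.1.250 eq 1812
show capture rad
show nat detail
show xlate | include 10.155.1.250
```

If a second site later needs to authenticate against the same NPS, add its public IP as another host object (or an object-group) in the two ACEs rather than widening the source back to any; the NAT rules do not need to change.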

3 Replies

jkay18041
Level 3

That fixed it!

Thank you

Francesco Molino

Glad it works!
You're welcome.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question