Hello everyone! I have Cisco ASA5506-X (ver. 9.8(2)20, asdm 7.9(1)151) on my remote site. I want to setup VPN access with authentication from Active Directory. I want to use AD passwords for auth in ASDM and SSH (if it fails use LOCAL) also. I already did it past on Cisco PIX515E and Cisco ASA5505 using this manual: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html But now I have trouble because it is first time when I use radius server (NPS) located on remote site (behind IPSec Site-to-SIte). When I try to execute test I receive Time out.                                   Log:   Built outbound UDP connection 2053719 for outside:192.168.111.246/1645 (192.168.111.246/1645) to identity:86.222.222.222/7272 (86.222.222.222/7272) where 192.168.111.246 is IP of my NPS servers located on remote site behind IPSec. 86.222.222.222 is my public IP of ASA5506.  I guess I need to make NAT exempt  between inside-bridge and outside interface as I did it for inside1 and inside2 interfaces in order to avoid natting into outside interface. nat (inside-bridge,outside) 7 source static inside-bridge-network inside-bridge-network destination static bs-office-networks bs-office-networks no-proxy-arp route-lookup But I cannot do it:   P.S. If I make ping 192.168.111.246 from ASA with source inside-bridge then ping successful, but it fails from inside1 or 2 OR without source interface:                           P.S.S: I understand that I can public my remote NPS server ports 1645-1646 to internet IP address on remote site and specify it address on ASA (with source as outside interface), but I don't want to do it (security considerations). ... View more