Hello, I have a problem to setup radius authentication on remote ASA. Configuration is pretty simple: home network <-> internet <-> remote office with ASA between home network an ASA Ipsec tunnel is established 10.10.10.0 is network behind ASA 10.10.20.0 is network with radius server in it so crypto acl is: permit ip 10.10.10.0/24 10.10.20.0/24 permit ip 10.10.20.0/24 10.10.10.0/24 which perfectly connects two networks I want ASA to use radius located in home network for authentication. So with commands: aaa-server RADIUS protocol radius aaa-server EMEARADIUS host radiushost key mykey authentication-port 1812 accounting-port 1813 I suppose to achive what is neseccary, however it's not like this. Radius host is located behind interface outside, so ASA sends radius requests with source of outside interface and because of this it does not seem as interesting traffic for ASA and don't get encrypted. Question: is there a way how to force ASA use IP of inside for this?
... View more
Hello, Just wanted to know is there any way to turn on additional logging on CAS let's say? I have enabled logging on CAM, it sends to local syslog daemon which is really useful. In this log I can see what is going on after agent is downloaded. I'd like to see: connection attempts from different IPs, CAS triggers for Radius accounting packets (something like: packet is accepted, users is valod now), assigning to User Role process would be really helpful on deployment stage, etc. In fact we have only tomcat logs, which is not so bad as staring point but definately not enough. Am I such a dreamer? Misha
... View more