IOS Routers to Access Radius Server over VPN Tunnel - How?

admin_2
Level 3

I have a site-to-site IOS IPSEC VPN solution in place - (20 spoke routers and 1 hub) - everything is working fine.

I now need the spoke routers to be able to access a radius server host over the VPN tunnel at the HUB end.

I am not able to ping/access the radius server from the CONSOLE/TERMINAL of the router but clients on the LAN side (spoke end) can. This means the spoke routers cannot talk to the radius server over the VPN tunnel.

Is there a way I can get around this problem?

Thanks for any help...

2 Replies

gfullage
Cisco Employee

If you ping FROM the router console then the source of the packet is the router's outside IP address and therefore doesn't match your crypto access-list, and therefore doesn't get encrypted. If you source the ping packet from the inside interface of the router, then this will match the ACL and everything will work.

Similarly, you need to have the router source all its Radius packets from the inside interface so it will get encrypted. Use the command:

ip radius source-interface <inside-interface>

You'll need to change your Radius server and add the NAS's in with the inside IP address rather than the outside.

Excellent, that did the trick! Thank you very much...
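The fix described in the reply above, laid out as a spoke-router configuration fragment. This is an added example, not configuration posted by anyone in the thread. The addresses, interface names, ACL number, crypto map name and key are constructed placeholders, and the existing crypto map is assumed to be already working, as the question states.

```cisco
! Constructed example. Assumed addressing:
!   spoke LAN      10.1.1.0/24   (router inside address 10.1.1.1)
!   hub LAN        10.0.0.0/24   (RADIUS server 10.0.0.10)
!   spoke outside  192.0.2.2     (documentation range)
!
interface FastEthernet0/0
 description inside (LAN) interface, address is covered by the crypto ACL
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0/0
 description outside (WAN) interface, crypto map applied here
 ip address 192.0.2.2 255.255.255.252
 crypto map VPN
!
! Crypto ACL: only spoke-LAN to hub-LAN traffic is selected for encryption.
! A packet the router originates with source 192.0.2.2 does not match this
! entry, so it leaves unencrypted and never reaches 10.0.0.10 via the tunnel.
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
!
! Before the fix: no source interface set, so RADIUS requests are sourced
! from the egress (outside) address and miss ACL 110.
!
! After the fix: RADIUS requests are sourced from 10.1.1.1 and match ACL 110.
ip radius source-interface FastEthernet0/0
radius-server host 10.0.0.10 auth-port 1645 acct-port 1646 key <shared-secret>
!
! On the RADIUS server, register this NAS as 10.1.1.1, not 192.0.2.2.
!
! Checks from exec mode:
!   ping 10.0.0.10 source 10.1.1.1   (or extended ping with the inside source)
!   show crypto ipsec sa             (encaps/decaps counters should increase)
```

A side effect worth noting is that RADIUS traffic from the spoke now travels inside the IPsec tunnel instead of crossing the WAN protected only by the RADIUS shared secret.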