Wireless PEAP authentication across VPN tunnel

Answered Question
Mar 19th, 2007

We are using the Cisco 871 series routers for VPN connectivity. I am testing the 871W for VPN and wireless connectivity. I am able to get the VPN working but am having trouble with the wireless authentication using PEAP and authentication via Active Directory. The problem is, my router cannot, because of the VPN connection, "talk" directly to my authentication server using the LAN IP address. I can get authentication to work if I pass the traffic through the internet, punching a hole in my firewall to complete the authentication process. This is not my preferred method. What can I do to get around my VPN access lists that are preventing my direct connectivity to my server?

kaachary Mon, 03/19/2007 - 07:05

Is the authentication server located at the other end of the tunnel?

Please provide a snippet of the relevant configuration so that we can suggest some changes.

-Kanishka

hajoca Mon, 03/19/2007 - 07:16

Attached is a portion of the configuration the way I would LIKE it to work. This configuration does not currently work. However, if I substitute a public IP address for my NAS server (permitted through my firewall) it will work.

Correct Answer
kaachary Mon, 03/19/2007 - 07:33

Are you able to ping the IP address of the RADIUS server through the tunnel?

Try adding this:

ip radius source-interface BVI1

*Please rate if helped.

-Kanishka
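
The fix above in context, as an added example that is not taken from the poster's attached configuration: by default IOS sources router-originated RADIUS requests from the egress (WAN) interface address, which a crypto ACL written for the LAN subnet does not match. All addresses, the ACL number, the ports and the key are constructed placeholders, and ACL 110 is assumed to be the list referenced by the crypto map's `match address`.

```cisco
! Constructed example: every address, the ACL number and the key are placeholders.
!   Remote-site LAN on BVI1 : 192.168.50.0/24, router BVI1 = 192.168.50.1
!   Head-end LAN            : 10.1.1.0/24, RADIUS server = 10.1.1.10
!
! Crypto ACL (assumed to be referenced by "match address 110" in the crypto map).
! Only traffic sourced from the remote LAN subnet is selected for the tunnel.
access-list 110 permit ip 192.168.50.0 0.0.0.255 10.1.1.0 0.0.0.255
!
interface BVI1
 ip address 192.168.50.1 255.255.255.0
!
! RADIUS server addressed by its LAN IP, not by a public address opened
! on the firewall. Ports shown are assumptions; match them to the server.
radius-server host 10.1.1.10 auth-port 1645 acct-port 1646 key <shared-secret>
!
! Without this line the requests leave with the WAN interface address as
! source, miss ACL 110 and are sent outside the tunnel.
! With it, the source is 192.168.50.1, which ACL 110 matches, so the
! requests are encrypted and reach the server over the VPN.
ip radius source-interface BVI1
!
! Checks from exec mode:
!   ping 10.1.1.10 source BVI1   router-originated traffic through the tunnel
!   show crypto ipsec sa         encaps/decaps counters increase during a login
!   debug radius                 requests sent and Access-Accept/Reject received
```

The RADIUS server identifies its clients by source IP address, so the router has to be registered there with its BVI1 address rather than its public address.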
