RSA radius authentication through IPSEC VPN tunnel from ASA itself

Unanswered Question
Mar 16th, 2009

ASA 5510 at both location. ASA1 is headquaters and ASA2 is remote office.

IPsec VPN client terminate at ASA2. IPsec VPN tunnel between ASA1 and ASA2, RSA secure ID server for VPN client authentication at headquaters behind ASA1.VPN client connect to ASA2 try to use secure ID token to authenticate on RSA server at headquaters.

All VPN tunnel and VPN client have been setup probably, ASA2 also can ping from inside through VPN tunnel to RSA server behind ASA1, and vice versa, but when I do a AAA server test for this RSA server, it said server not response.

Is there any tricky part I missed as the session is initiate from ASA2 itself and through VPN tunnel to RSA server?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JamesLuther Fri, 03/20/2009 - 12:44


In IOS you do this with

ip tacacs source-interface fa0/1

ip radius source-interface fa0/1

where fa0/1 = inside interface in encryption domain

However I've tried to do this before on ASA and I couldn't find any option to change the aaa source interface.

So unless someone can confirm differently, I don't think that this is possible.


Victor Asiwe Wed, 09/29/2010 - 15:26

I am having the have the same problem also.

Please if you find a solution can you post it.

Many thanks.


This Discussion