I'm a bit stuck with an issue on an ASA 5505. Basically I'd like to set up RADIUS auth for a VPN, but the AAA server resides on the internet on a public ip such as 220.127.116.11.
Internally, there's another router with two ISPs connected into it, each with 4 public IPs. The router does NAT and provides an internal network 192.168.1.0.
The Cisco ASA has the interfaces configured as follows:
outside -> 192.168.1.0/24 (connected to the router, and using a few ips of that network for network translation purposes of machines on the internal network)
inside -> 192.168.85.0/24 (where all the clients are)
guests -> 192.168.2.0/24
Now, if I set up the AAA server on interface outside, and the IP above, it won't be reachable, as confirmed by the packet tracer. I tried a lot of things, adding static routes, static nat rules, but nothing seems to work, and I'm sure I'm missing something really basic.
Any help will be much appreciated!
Thanks a lot,