I have a fully functional radius server that we use for authenticating with our wireless networks. That all works properly, so there are no issues with the server.
However, now that I am trying to set up our ASA 5510 to authenticate with the server, I keep getting the following error:
ciscoasa# test aaa-server authentication IGBRADIUS host XXX.YYY.ZZZ.QQQ username XXXX password XXXX
INFO: Attempting Authentication test to IP address <XXX.YYY.ZZZ.QQQ> (timeout: 10 seconds)
ERROR: Authentication Server not responding: No error
The only curveball that I can see that I might be throwing on this is that the server will be on the public side of the VPN instead of the private as is shown in most of the howtos.
ip address interface_IP 255.255.252.0
ip address interface_IP 255.255.255.0
aaa-server IGBRADIUS (igbpublic) host 126.96.36.199
Do you have to have the radius server on the internal network, or can you get away with having it on a public interface? Outside of the NAT interface, the only access list that I have is:
access-list 101 extended permit ip private-ip-start 255.255.255.0 vpn-pool-start 255.255.255.0