Solved: Re: 1811W Radius/AAA over VPN Tunnel - Page 2

rbcastle · ‎05-15-2007

I have an 1811W router in China. There is a VPN tunnel to the US. This is working fine. Now I'd like to set up wireless to authenticate back to a radius server in the US (they don't have their own server.) I am using the same setup in the Netherlands except they have a radius server locally. The problem seems to be that the router can't forward the radius packets through the vpn tunnel. I also can't ping and traceroute to an address on the other side of the vpn tunnel goes out the internet connection instead of through the tunnel. I have searched these postings and contacted a local ccnp but haven't found resolution yet. Any thoughts? I'm going to go to local WPA but don't want to run that way long term.

billknitter · ‎10-12-2007

I understand what you're seeing - this is the same sort of activity I saw, but I was trying to attach to a RAIDUS server on the other end of the tunnell. Are you sure that your aaa-server is set to use the private interface (doesn't make sense but that's what I had to do) and that you have the "management-access" entry for your private network. The only other thing that was strange is that the traffic hit the remote authentication server from the internal interface of the remote asa, so I had to adjust my radius rules for that.

The other thing I have is both of the following, not sure if this affects anything or not but it problably does:

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface