Cisco Remote Access VPN authenticating via RADIUS over Site2Site VPN

Tags: cisco-asa, radius, vpn

Is it possible to set up the remote access VPN to authenticate to a RADIUS server that is on the other end of a site-to-site VPN on the same ASA?

I have an ASA 5505 at a branch office with a site-to-site VPN to head office (with a 5510). I then want to set up remote access VPN on the 5505 for home users of this site that will authenticate to a RADIUS server located on the head office LAN.

Is this possible? This will save me setting up another RADIUS server on the read-only domain controller that is currently on site.

Best Answer

The RADIUS server IP needs to be included in the ASA1 site-to-site tunnel with the other ASA, where the ASA1 outside interface would be the source IP in the crypto ACL and the RADIUS server IP would be the destination.

ASA1<---------------------->ASA2

ASA1:

Crypto acl- ASA1_outside_IP to Radius_Server_IP
Nat- nat (outside,outside) source static ASA1_Outside_IP ASA1_Outside_IP destination static Radius_Server_IP Radius_Server_IP no-proxy-arp route-lookup
same-security-traffic permit intra-interface

ASA2:

Crypto acl- Radius_Server_IP to ASA1_outside_IP
Nat- nat (inside,outside) source static Radius_Server_IP Radius_Server_IP destination static ASA1_Outside_IP ASA1_Outside_IP no-proxy-arp route-lookup
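The pieces the answer lists, written out as a complete ASA 8.3+ configuration for both ends. This is an added example, not the poster's config; the addresses (203.0.113.10 for the branch outside interface, 10.1.1.20 for the RADIUS server, the 192.168.10.0/24 and 10.1.0.0/16 LANs), the object, ACL and group names, and the placeholder shared secret are all assumed. The part the answer leaves implicit is the `aaa-server ... (outside) host` line: binding the server group to the outside interface is what makes the ASA source its RADIUS requests from the outside IP, so they match the crypto ACL entry and enter the tunnel.

```cisco
! ===== ASA1 (branch 5505) =====
object network ASA1_OUTSIDE_IP
 host 203.0.113.10
object network RADIUS_SERVER
 host 10.1.1.20
! Traffic sourced from the outside interface must be allowed to leave via the same interface
same-security-traffic permit intra-interface
! Identity NAT so neither the outside IP nor the server IP is translated before encryption
nat (outside,outside) source static ASA1_OUTSIDE_IP ASA1_OUTSIDE_IP destination static RADIUS_SERVER RADIUS_SERVER no-proxy-arp route-lookup
! Crypto ACL for the existing L2L tunnel: LAN-to-LAN line plus the new outside-IP -> RADIUS line
access-list L2L_TO_HQ extended permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list L2L_TO_HQ extended permit ip host 203.0.113.10 host 10.1.1.20
! RADIUS server group reached via the outside interface (hence sourced from 203.0.113.10)
aaa-server HQ_RADIUS protocol radius
aaa-server HQ_RADIUS (outside) host 10.1.1.20
 key <SHARED-SECRET-PLACEHOLDER>
 authentication-port 1812
 accounting-port 1813
! Remote access tunnel group authenticates against that server group
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 authentication-server-group HQ_RADIUS
! Check from the ASA1 CLI once the tunnel is up (use a real test account):
!   test aaa-server authentication HQ_RADIUS host 10.1.1.20 username <user> password <pass>
!   show crypto ipsec sa peer <ASA2_outside_IP>   -> the 203.0.113.10/10.1.1.20 SA should show encaps/decaps

! ===== ASA2 (head office 5510) =====
object network ASA1_OUTSIDE_IP
 host 203.0.113.10
object network RADIUS_SERVER
 host 10.1.1.20
! Mirror of the crypto ACL on the branch side
access-list L2L_TO_BRANCH extended permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list L2L_TO_BRANCH extended permit ip host 10.1.1.20 host 203.0.113.10
! NAT exemption for the RADIUS server replying to the branch outside IP through the tunnel
nat (inside,outside) source static RADIUS_SERVER RADIUS_SERVER destination static ASA1_OUTSIDE_IP ASA1_OUTSIDE_IP no-proxy-arp route-lookup
```

On the RADIUS server (NPS or similar) the client entry for ASA1 must be the outside IP 203.0.113.10 with the same shared secret, since that is the source address the server will see; if the RADIUS server's gateway is not ASA2, it also needs a route for 203.0.113.10 back to ASA2.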