Security – Radius over WAN

radius, security, wide-area-network

I have a couple of small-business routers (Cisco RV120W) that I use at some of our smaller offices configured with a site-to-site VPN to allow connectivity for devices & such between my main office and the remote endpoints. The RV120W does a fine job of this… and I really can't complain too much. Users have now been asking about setting up Wi-Fi… and having played with the RV120W quite a bit… I know it supports "enterprise authentication" with WPA2. After setting it up and trying to make it work… I quickly discovered that the router isn't sending the RADIUS packets through the VPN tunnel… (packets go out the WAN interface for some dumb reason.)

My last 3 major issues I brought up with Cisco… ended up with a "Won't Fix" … (even though they admitted it was a bug)… so I don't really feel like battling this problem with them. So, now I'm reconsidering how to approach this problem to make it work despite limitations of the device. As a last-ditch effort… I may end up putting a dedicated AP on site behind the router… but I would rather not have yet another device to maintain at each site.

TL;DR:

How safe is it to throw RADIUS packets over the public internet? Potentially, could the data be intercepted and decrypted? Is there a potential for a replay attack of sorts? Are there other concerns I should be aware of?

Best Answer

Here is the way I see it then. You've called their support and they state there's nothing they can do. IMO this is a routing issue of some sort. I don't know how much you can configure on your device (I presume it doesn't have the Cisco IOS running on it). Anyway, let's leave that aside and assume you can't. The options I see are as follows.

  1. Upgrade your routers to a Cisco 881w. This supports RADIUS over a VPN for sure (that's what we do).
  2. Live with the extra APs. Not actually a bad plan, now your wireless isn't tied into your router. Meaning if a new Wi-Fi standard comes out, you can upgrade independently of the router.
  3. You can do RADIUS over the internet, but since it's PAP, I would strongly recommend you NOT do that.
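
The PAP concern in option 3, as an added example that is not part of the original answer: when an Access-Request carries a PAP password, RFC 2865 section 5.2 hides the User-Password attribute by XORing it with an MD5 keystream derived from the shared secret and the 16-byte Request Authenticator. The sketch below implements that hiding and the server-side recovery; the password, secret and authenticator values are constructed for illustration.

```python
import hashlib

def _keystream_block(secret: bytes, prev: bytes) -> bytes:
    # b(i) = MD5(shared secret + previous block); the first "previous
    # block" is the Request Authenticator from the packet header.
    return hashlib.md5(secret + prev).digest()

def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Encode a PAP password as the RADIUS User-Password attribute value."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    # Pad with NULs to a multiple of 16 octets, as the RFC requires.
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = _keystream_block(secret, prev)
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += block
        prev = block  # each ciphertext block feeds the next keystream block
    return hidden

def recover_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the RADIUS server does; it needs only the secret and the packet."""
    if len(hidden) % 16 or len(request_auth) != 16:
        raise ValueError("malformed User-Password or authenticator")
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = _keystream_block(secret, prev)
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return plain.rstrip(b"\x00")

# Constructed sample values, not taken from any real deployment.
SAMPLE_SECRET = b"example-shared-secret"
SAMPLE_AUTH = bytes(range(16))
SAMPLE_PASSWORD = b"correct horse batt3ry"

if __name__ == "__main__":
    wire = hide_user_password(SAMPLE_PASSWORD, SAMPLE_SECRET, SAMPLE_AUTH)
    print("on the wire:", wire.hex())
    print("recovered  :", recover_user_password(wire, SAMPLE_SECRET, SAMPLE_AUTH))
```

Nothing but the shared secret and MD5 stands between a captured packet and the password, which is why this traffic is normally kept inside the VPN tunnel or another encrypted transport.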