We've migrated the on-prem Active Directory environment to Azure and have an existing VPN pipeline.
We're struggling to get Meraki to send the requests over the S2S VPN. We're using the NPS Azure VM private IP within the Meraki portal.
We thought since there was an existing VPN connection, that we could just spin up a new NPS/DC and change Meraki to forward the request to the Azure VM via the S2S VPN.
I have event logs of on-prem devices talking to Azure resources over the S2S, but cannot get the RADIUS request to flow, or so it seems.
Any layers or breaking points to look into?
I don't have good log files as of yet.
IIRC, RADIUS messages are sourced from the highest VPN-enabled VLAN on the MX. E.g., if you have VLANs 1, 10, and 20, and 1 and 10 are VPN-enabled, it will be VLAN 10 that the RADIUS messages are sourced from.
What if VLAN 10 isn't where the RADIUS server lives, but rather VLAN 1?
Create a route from VLAN 10 to 1 or move the RADIUS server?
So since the original RADIUS server was on-prem, VLAN priority didn't matter? As it currently stands, using the on-prem RADIUS server, our highest VLAN is 300, and the VLAN where the on-prem RADIUS server lives is VLAN 1. That's why I'm somewhat confused.
But since we're moving to an S2S tunnel for RADIUS, it needs to be in the highest VLAN possible?
Whereas on-prem it didn't matter?
Can the on-prem RADIUS server route to VLAN 300 and can the cloud one not?
Might be on to something. Yes, I can ping VLAN 300 from the on-prem, but not from the Azure VM. I can ping other on-prem devices. But it doesn't appear I can talk to VLAN 300.
Solved. Thank you.
Added routes to Azure network gateway for the highest numbered VLAN and 6.X.X.X
A common issue I run into is that Windows does not correctly configure Windows Firewall to allow NPS traffic. You need to either add extra firewall rules or disable Windows firewall.
One of the first things I tried after seeing the Server 2019 bug.
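The diagnosis reached in this thread can be turned into a pre-flight check; the following is an added example, not code from any of the posters. It assumes the source-VLAN rule exactly as recalled in the reply above (highest-numbered VPN-enabled VLAN), and every VLAN subnet and Azure-side prefix in it is constructed sample data.

```python
import ipaddress

# Constructed sample data (not from the thread): MX VLANs as (id, subnet, in_vpn).
VLANS = [
    (1, "10.0.1.0/24", True),
    (10, "10.0.10.0/24", False),
    (300, "10.0.44.0/24", True),
]
# Constructed: on-prem prefixes the Azure side routes back over the S2S tunnel.
AZURE_ONPREM_PREFIXES = ["10.0.1.0/24"]


def radius_source_vlan(vlans):
    """Highest-numbered VPN-enabled VLAN, per the behaviour described in the thread."""
    enabled = [v for v in vlans if v[2]]
    if not enabled:
        raise ValueError("no VPN-enabled VLAN to source RADIUS from")
    return max(enabled, key=lambda v: v[0])


def has_return_route(subnet, prefixes):
    """True if the whole source subnet is covered by one Azure-side on-prem prefix."""
    net = ipaddress.ip_network(subnet)
    for prefix in prefixes:
        candidate = ipaddress.ip_network(prefix)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if net.version == candidate.version and net.subnet_of(candidate):
            return True
    return False


def check(vlans, prefixes):
    """Report the expected RADIUS source and whether Azure can reply to it."""
    vlan_id, subnet, _ = radius_source_vlan(vlans)
    return {
        "source_vlan": vlan_id,
        "source_subnet": subnet,
        "return_route": has_return_route(subnet, prefixes),
    }


if __name__ == "__main__":
    # Before: only the server VLAN is routed back, so NPS replies are dropped.
    print("before:", check(VLANS, AZURE_ONPREM_PREFIXES))
    # After: the source VLAN's subnet is added on the Azure side.
    print("after: ", check(VLANS, AZURE_ONPREM_PREFIXES + ["10.0.44.0/24"]))
```

A `return_route` of `False` matches the symptom in the thread: the Azure VM can reach other on-prem devices but not the VLAN the RADIUS requests come from.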