802.1X through VPN tunnel

Jwiley78
Building a reputation


Anyone have any luck getting 802.1X to work through a non-Meraki VPN tunnel? Meraki support says they can see it being sent with no reply. Cisco support says they are not seeing any traffic on 1812.

[Image: Jwiley78_0-1595963506904.png]

 

CptnCrnch
Kind of a big deal

If RADIUS traffic is not blocked, there's no reason why this shouldn't work. What does the configuration look like on both sides?

Jwiley78
Building a reputation

Well I know the tunnel is up and working.  I can RDP through it.  There's not much you can mess up on the Meraki side so I think the issue is going to be either something on the ASA or the NPS server.

Jwiley78
Building a reputation

Tunnel is up, file shares work, and RDP works. Any thoughts why RADIUS won't work?

The client should be authenticated with the NPS and allowed as long as they are in a specific group in AD. This has been verified. The user should never get prompted for a username and password, but they do. Even if you enter your AD credentials it still fails.

CptnCrnch
Kind of a big deal

As with other posts currently going on: could you please elaborate further on your setup? I guess it should be good as TAC already was involved but on the other hand, how do you expect us to help you based on the basic information you're giving us here? 🙂

Are you really expecting us to be smarter than Cisco AND Meraki TAC without even knowing some backgrounds? Of course, this would be a great honor. 😉

Jwiley78
Building a reputation

Well, without showing you actual configs I'm not sure how to do that. I can say that the diagram is the topology I have. Everything works so far besides DHCP relay (not supported by Meraki) and the 802.1X authentication for client WiFi access. I'm not completely ruling out an issue with the NPS server because I didn't build the server and am not too familiar with t-shooting it.

 

Mostly curious if anyone else has tried this setup and has it working properly?

CptnCrnch
Kind of a big deal

From a logical standpoint: RADIUS is simply another protocol running over the VPN tunnel. In case it's not being blocked by something in between, there's nothing that should stop it because of the VPN tunnel.

 

I fear that's the only thing that we can tell you without further information. Sorry!

 

P.S.: Looking at the forums, there are several others that are successfully running such kind of setup.

Jwiley78
Building a reputation

Tried something different over the weekend. They have another MX in another part of the network, so I created a tunnel to that device instead of the ASA. After that the client would connect but wouldn't pull a DHCP address.
