Hi Guys,
I'm looking for setup a Radius validation to my SSID in VPN teleworker mode.
I have the SSID working, so, the AP is connected to a MX concentrator who is connected to my corporative network.
I have trying to add Radius validation to that SSID but is not working. The Radius server are placed in the corporate network but has not an internet public IP.
When i try to reach my Radius server i can`t reach it, i guess that the prolem is that the AP has stablished the tunnel with the internal network but it can't use it for itself, only for the device connected to the SSID.
Someone can help me?
Thank you in advance.
BR.
The mx ip is used as authenticator. Can the mx ip reach the radius server and is it added to the radius server
Hi ww, thank you for your reply, Currently my Radius server is a ISE cluster. the MX can reach the IP of the ISE but i don't know wich interface is using to made it.
currently the MX has configurated 4 interfaces (vlans) who can reach the ISE cluster (All of this networks are in the private network) trought my SD-WAN concentrator.
In order to register the device MX in the ISE as a autorized network device, i need to know wich one of the interfaces is being used for that.
do you know the way to find wich interface (IP) are using my MX to reach the ISE/RADIUS ?
Thank you in advance.
BR.
Hi ww, thanks for your reply.
That is not possible because my WAN/Internet1 Port is connected to a provider router and has a private IP (192.168.x.x) and my Radius ISE server has not a public IP.
If i make a ping to Radius from the MX in the meraki dashboard i get response.
additionally i have registered in my ISE the network device with all of the interfaces IP of my MX and still not working.
could be not working because the mx is setup as "Routed" or NAT mode and not as "Passthrough or VPN Concentrator"?
Thank you in advance.
BR.
Yes concentrator mode should work because then you can only use WAN1 of the MX .
Or you have to connect the ISE also to the 192.168 subnet .so the MX ip can communicatie with the ISE ip