Validate user with RADIUS in VPN: tunnel data to a concentrator AP mode

Jorge_zk8
Comes here often

Validate user with RADIUS in VPN: tunnel data to a concentrator AP mode

Hi Guys,


I'm looking for setup a Radius validation to my SSID in VPN teleworker mode.

 

I have the SSID working, so, the AP is connected to a MX concentrator who is connected to my corporative network.

 

I have trying to add Radius validation to that SSID but is not working. The Radius server are placed in the corporate network but has not an internet public IP.

 

When i try to reach my Radius server i can`t reach it, i guess that the prolem is that the AP has stablished the tunnel with the internal network but it can't use it for itself, only for the device connected to the SSID.

 

Someone can help me?

 

Thank you in advance.

BR.

5 Replies 5
ww
Kind of a big deal
Kind of a big deal

The mx ip is used as authenticator.  Can the mx ip reach the radius server and is it added to the radius server

Jorge_zk8
Comes here often

Hi ww, thank you for your reply, Currently my Radius server is a ISE cluster. the MX can reach the IP of the ISE but i don't know wich interface is using to made it.

 

currently the MX has configurated 4 interfaces (vlans) who can reach the ISE cluster (All of this networks are in the private network) trought my SD-WAN concentrator.

 

In order to register the device MX in the ISE as a autorized network device, i need to know wich one of the interfaces is being used for that.

 

do you know the way to find wich interface (IP) are using my MX to reach the ISE/RADIUS ?

 

Thank you in advance.

 

BR.

ww
Kind of a big deal
Kind of a big deal
Jorge_zk8
Comes here often

Hi ww, thanks for your reply.

 

That is not possible because my WAN/Internet1 Port is connected to a provider router and has a private IP (192.168.x.x) and my Radius ISE server has not a public IP.

 

If i make a ping to Radius from the MX in the meraki dashboard i get response.

 

additionally i have registered in my ISE the network device with all of the interfaces IP of my MX and still not working.

 

could be not working because the mx is setup as "Routed" or NAT mode and not as "Passthrough or VPN Concentrator"?

 

Thank you in advance.

 

BR.

ww
Kind of a big deal
Kind of a big deal

Yes concentrator mode should work because then you can only use WAN1 of the MX .

 

Or you have to connect the ISE also  to the 192.168 subnet .so the MX ip can communicatie with the ISE ip

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels