Authenticate outside RADIUS client to inside RADIUS Server through Cisco ASA 5505
Posted on 2012-04-09
I have a proprietary RADIUS client that lives at a customer's network. The client software authenticates local user wireless access requests to a RADIUS server software product that lives on our main inside network behind a Cisco ASA 5505 ver 8.2(5). I have added the NAT and firewall rules to static the inside address of the RADIUS server as well as allow "any" to the RADIUS server's ports (1812, 1813). So the inside RADIUS server has both a static rule to its inside address as well as a public IP firewall rule.
The problem is the clients at the customer network cannot authenticate to the inside radius server on the main network.
I think the ASA is stripping off the dest header and replacing it with the outside address of the ASA, because I see in syslog that incoming requests are coming in fine and going out, but the client is not authenticating.
I will be working on a scrubbed config to post.