We have a Cisco 1602i access point that is in a geographically remote office from the home office and network where the RADIUS server exists that we wish to use to authenticate to.
The offices are joined by a VPN tunnel between an ASA 5510 (home office) where the RADIUS server lives and an ASA 5505 in the remote office where the AP lives.
However, the AP cannot contact the RADIUS server even though the tunnel is wide open, with no port restrictions. We also cannot connect to the remote AP's GUI or SSH to it from the network where the RADIUS server lives.
The AP is up and we can manage it by using a computer on the same network as it. SSH, GUI, Telnet all work. It doesn't even respond to pings, even though other devices do on the same network.
So my basic question is, can a Cisco AP only contact devices on the same subnet? That would seem like a silly limitation for an enterprise device that would be deployed in a remote setting.
We have a Cisco SmartNet on the access point, but not on the firewalls. Cisco has commented that it could be a VPN tunnel issue and we should contact their VPN support group, but we do not have paid Cisco SmartNet support for that.