
RADIUS Auth for Centrally Managed SMB Appliance not working.

Question asked by kyle.192972a1-8014-4612-af8d-833ab0336333 on May 27, 2018
Latest reply on May 29, 2018 by kyle.192972a1-8014-4612-af8d-833ab0336333


Scenario:

R80.10 JHF 103 Management Server

R77.20.75 SMB Appliance w/ Remote Access VPN and IPSec VPN Tunnels.

 

Problem:

Remote Access clients connect to GW1; RADIUS servers reside behind GW2 accessible via a Site to Site tunnel.

 

Partial Solution:

RADIUS/SecurID packets are being picked up by an implied rule instead of being encrypted.

Updated the proper implied_rules.def file to not have RADIUS traffic picked up by an implied rule.

 

However, RADIUS traffic still is sourced from the External interface, which isn't (and can't be) a member of the Encryption Domain for the Site to Site tunnel.

 

The following appears to be what I need to set; however, as the gateway is centrally managed, it's not an option:

How to force originating VPN connections from local gateway to use an internal interface IP instead of the external IP W… 

 

Is something available in GuiDBEdit, Global Properties, or elsewhere that will allow me to set "VPN Site to Site global settings - Use internal IP address for encrypt" to force traffic from the internal interface of the Gateway?
