
Wireless Radius auth via IPSec not possible

Hi, we're trying to get Radius auth for wireless WPA enterprise to work in our Branch Office.

Situation: One UTM HA Cluster in Main Office. The Active Directory and Radius Servers are located there. In our Branch Office we change from RED to XG85. We use WPA enterprise with Radius to connect the wireless Clients.

The xg85 is connected via Site2site ipsec and via LAN everything is fine. Active-directory-auth to xg85 via ipsec also works.

But the Radius auth doesn't work. I've already read different articles and tried a lot but the Radius auth from the WLAN client doesn't arrive at the Radius Server in Main Office.

A Radius test from the xg85 itself arrives at the Radius Server so the connection seems OK. Also all needed firewall rules are in place. The wan-ip from the xg85 is included in the ipsec-tunnel so that the xg85 itself is able to connect to the ad and Radius Servers.

Any hints? I've been searching for the last days for a solution...

Thanks in advance,

Regards, Markus



  • Frozenye,

    can you share your config? Maybe some screenshot will help. What error do you have? Personally I would prefer method 2:

    https://community.sophos.com/kb/en-US/123334

    Luk

  • Hi Luk,

    thanks for your response! I've already implemented the Option 1 for first testing and AD auth is working well. I'm using my Domain account as admin-user in Branch XG appliance...

    What kind of Screenshots do you need?

    I'm not able to see an error, only wireless Clients cannot connect with WPA2 Enterprise and on the Radius Server the request is not arriving. Manual radius tests directly in the xg interface are arriving at the radius logs.

    In the Main Office the WPA enterprise WLAN is working well with same (onsite) Radius.

    It seems that the Radius request will not be forwarded to the Server. Packet trace in the xg interface shows the Radius packets correctly. Radius client and other things are also configured right...  I have no idea, I've been hanging on this issue for more than 2 days...

    Thanks for your Support!

    Regards, Markus

  • Markus,

    share your radius configuration.


    Luk

  • Hi Luk,

    here it is:

    The Radius server itself is configured like in the howto (Server 2012 R2, DC and Radius) and is working already with the utm based wireless protection in main office.

    New Policy for Client and shared secret is configured properly (tested with and without new rules).

    Thanks,

    Markus

  • Hi Luk,

    Tcpdump on port 1812 would be helpful here to see where the packet is going. This is an open BUG in XG so with tcpdump we just need to confirm.

    - Jayesh
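
Added example, not part of the thread and not Sophos code: one way to read the text output of a `tcpdump -n udp port 1812` capture is to group RADIUS packets by the address they are sent from and flag sources that get no reply and are not covered by the IPsec tunnel's local networks. All addresses, the tunnel networks and the sample capture lines are constructed assumptions, and the line format is assumed to be tcpdump's default one-line RADIUS output.

```python
import ipaddress
import re

# Constructed values (assumptions): local networks of the site-to-site tunnel
# (branch LAN plus the firewall's WAN address) and the main-office RADIUS server.
TUNNEL_LOCAL_NETS = [ipaddress.ip_network("192.168.50.0/24"),
                     ipaddress.ip_network("198.51.100.7/32")]
RADIUS_SERVER = ipaddress.ip_address("10.1.0.5")

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): RADIUS, (?P<kind>[A-Za-z-]+)")

# Constructed capture: one answered test request, one retried unanswered request.
SAMPLE = """\
10:15:01.100001 IP 198.51.100.7.40001 > 10.1.0.5.1812: RADIUS, Access-Request (1), id: 0x01 length: 75
10:15:01.120440 IP 10.1.0.5.1812 > 198.51.100.7.40001: RADIUS, Access-Accept (2), id: 0x01 length: 40
10:15:09.300210 IP 192.168.200.1.40022 > 10.1.0.5.1812: RADIUS, Access-Request (1), id: 0x02 length: 180
10:15:12.300985 IP 192.168.200.1.40022 > 10.1.0.5.1812: RADIUS, Access-Request (1), id: 0x02 length: 180
"""

def analyze(capture):
    """Count requests to and replies from the RADIUS server per client address."""
    stats = {}
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a RADIUS line in the expected format
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if dst == RADIUS_SERVER and m["dport"] == "1812":
            client, field = src, "requests"
        elif src == RADIUS_SERVER and m["sport"] == "1812":
            client, field = dst, "replies"
        else:
            continue
        entry = stats.setdefault(str(client), {
            "requests": 0, "replies": 0,
            "in_tunnel": any(client in net for net in TUNNEL_LOCAL_NETS)})
        entry[field] += 1
    return stats

def unanswered_outside_tunnel(stats):
    """Sources that sent requests, got no reply, and do not match the tunnel."""
    return sorted(ip for ip, s in stats.items()
                  if s["requests"] and not s["replies"] and not s["in_tunnel"])

if __name__ == "__main__":
    print(unanswered_outside_tunnel(analyze(SAMPLE)))
```
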
