Question : AAA server not on inside interface

Trying to set up a VPN server on an ASA5505 that is in a remote office (10.3.0.0/255.255.0.0) that does not contain a domain controller (or any server for that matter). The ASA is connected to the main office (10.1.0.0/255.255.0.0) via a site-to-site VPN. I have set up the main office Remote Access VPN to the RADIUS server on the inside network just fine, but I don't know how to set up the remote office AAA server. Since the RADIUS server is not on the inside network, I try to choose the outside network, but I get "Error:Authentication server not responding" when I try to test the AAA server in ASDM.

Answer : AAA server not on inside interface

You would configure the aaa-server on the outside interface as shown above by StrifeJester, but it will need to route over the Internet, and thus needs to hit an Internet-accessible IP. You will need to open up the correct ports to your internal RADIUS server on the remote firewall. I believe the default RADIUS ports are UDP 1812,1813. So for example:

aaa-server radiusauth protocol radius
aaa-server radiusauth (outside) host 72.72.72.72
 timeout 5
 key RADIUS_PW

NAT 72.72.72.72 to your internal RADIUS server, open up UDP 1812,1813. I'd recommend limiting the source traffic so that it only accepts queries from your remote firewall.
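
The main-office side of what the answer describes, as an added example that is not part of the original answer. It assumes the main-office firewall is also an ASA; 10.1.0.10 (internal RADIUS server), 198.51.100.10 (the remote ASA's outside address), testuser/TEST_PW and the names RADIUS_SRV and OUTSIDE_IN are constructed placeholders, while 72.72.72.72 is the example address from the answer.

```cisco
! Main-office ASA: publish the internal RADIUS server on 72.72.72.72 and
! accept RADIUS only from the remote-office ASA.
! Constructed values: 10.1.0.10 = internal RADIUS server,
!                     198.51.100.10 = remote-office ASA outside address.

! --- ASA 8.3 and later: object NAT, ACL matches the REAL (inside) address ---
object network RADIUS_SRV
 host 10.1.0.10
 nat (inside,outside) static 72.72.72.72
!
access-list OUTSIDE_IN extended permit udp host 198.51.100.10 object RADIUS_SRV eq 1812
access-list OUTSIDE_IN extended permit udp host 198.51.100.10 object RADIUS_SRV eq 1813

! --- ASA 8.2 and earlier: static NAT, ACL matches the MAPPED (public) address ---
! static (inside,outside) 72.72.72.72 10.1.0.10 netmask 255.255.255.255
! access-list OUTSIDE_IN extended permit udp host 198.51.100.10 host 72.72.72.72 eq 1812
! access-list OUTSIDE_IN extended permit udp host 198.51.100.10 host 72.72.72.72 eq 1813

! Bind the ACL to the outside interface. If an ACL is already applied there,
! add the permit lines to that ACL instead of applying a second one.
access-group OUTSIDE_IN in interface outside

! On the RADIUS server, register the remote ASA's outside address
! (198.51.100.10 here) as a RADIUS client with the same shared key (RADIUS_PW).

! Remote-office ASA: verify from the CLI after the answer's aaa-server lines
! are in place (testuser / TEST_PW are placeholders for a real account).
! test aaa-server authentication radiusauth host 72.72.72.72 username testuser password TEST_PW
```

Numeric ports are used because the ASA's `radius` port keyword maps to the legacy port 1645, not 1812.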