Hello,
I have the following setup:
Sophos SG230, Firmware 9.113
Sophos AP50
Site with Sophos IPSEC VPN-Tunnel Site with Microsoft Radius Server
Problem: I have set up WPA2 Enterprise Authentication for a wireless network. However, the radius client request is not coming from the Sophos gateway as expected, but instead from the AP! I can see on the Microsoft NPS-Radius Server that the AP with its DHCP-assigned address is doing the radius request! What is this all about?
I have 6 other UTM 220 installations with a similar setup (but with AP10), and there the Sophos gateway itself always correctly does the radius requests, not the APs!
However: Those UTM220 reach the Microsoft Radius Server not via IPSEC Tunnel, but via normal static routes (MPLS-Cloud).
How can I fix the SG230 to do the requests instead of the AP? Why does it behave that way? It's really weird and I can't explain it. I even connected an AP10 to the gateway, and this AP then also does the radius requests...
So it is not some kind of hardware difference between AP10 and AP50...
In another thread moderator "TOM" says:
"The ASG collects the RADIUS traffic from the APs and forwards it to the NPS"
And this is how I also know it, until today when I installed the SG230 with the weird behaviour.
Is the APs talking to the Radius server directly a kind of "fallback" if they cannot forward the requests via the Sophos gateway? (Remember the IPSEC Tunnel above!)
But the Sophos gateway and the APs are on the same subnet and both can reach the Radius Server...
Any help greatly appreciated.