Unable to Send Radius Request Across the VPN from Dedicated Interfaces

03/26/2020 17 12005

DESCRIPTION:

Issue- Not able to send Radius Request across the VPN from dedicated interfaces

CAUSE:

Binding effect of inbuilt Feature "SEND THROUGH VPN TUNNEL"

RESOLUTION:

Customer has a Radius server across the Site to Site VPN behind another SonicWall and customer’s requirement is to send request to the Radius Server from a VLAN interface X1:V10 and not from X0 interface.

We configured the Radius Server on Site A’s SonicWall and enabled “SEND THROUGH VPN TUNNEL”:

Under the Site to Site VPN settings, we set up LOCAL Network as “X1:V10 INTERFACE IP” and REMOTE Network as 192.168.17.0/24 Address Object (Site B Subnet) on Site A:

After setting up the Radius Server on Site A and Site to Site VPN, we tried to test a User and found that the request was going through X0 interface instead of X1:V10 interface:

In this scenario, the Check Box  “SEND THROUGH VPN TUNNEL” is required to be checked to send the requests across the VPN tunnel but it also binds these requests to X0 interface even if we have specified LOCAL network for Site to Site VPN as “X1:V10 Interface IP” on Site A.

After running a couple of tests we were unable to redirect the traffic via X1:V10 interface as X0 interface was always taking precedence. So for testing purpose we UNCHECKED the “SEND THROUGH VPN TUNNEL” check box and traffic started redirecting through X1:V10 interface.

So the conclusion to the above discussed issue is, if you want to redirect traffic to send Radius requests via a dedicated interface of your choice then “SEND THROUGH VPN TUNNEL” must be unchecked.

Example, we have the option to redirect traffic for SYSLOGS via dedicated interface:

Similarly, we can do the same for Radius server but by unchecking the “SEND THROUGH VPN TUNNEL” check box.