RADIUS communication problem

Author
Shagma
Bronze Member
  • Total Posts : 36
  • Scores: 0
  • Reward points: 0
  • Joined: 2010/11/07 04:15:22
  • Status: offline
2019/11/06 01:57:07 (permalink)
0

RADIUS communication problem

Hi!
I have a network where WPA-Enterprise with RADIUS auth. is working fine except for one office.
Looking at the traffic, it seems that the remote side thinks it is not reaching the RADIUS server with certain packets. I have disabled local firewalls and firewall policies should allow traffic in both directions. Can anyone make sens of this?
 
Remote office FGT FW: v6.2.1 build0932 (GA)
RADIUS FGT FW: v5.6.5 build1600 (GA)
 
As seen on 10.27.1.1:
 
diagnose sniffer packet any 'host 10.27.1.1 and host 192.168.160.10'
interfaces=[any]
filters=[host 10.27.1.1 and host 192.168.160.10]
9.020808 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
9.157906 192.168.160.10.1812 -> 10.27.1.1.5135: udp 90
9.157949 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
12.096423 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
12.208962 192.168.160.10.1812 -> 10.27.1.1.5135: udp 90
12.209000 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
30.116445 10.27.1.1.24516 -> 192.168.160.10.1812: udp 341
30.185234 192.168.160.10.1812 -> 10.27.1.1.24516: udp 90
30.185274 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 24516 unreachable
33.896439 10.27.1.1.1832 -> 192.168.160.10.53: udp 35
33.926120 192.168.160.10.53 -> 10.27.1.1.1832: udp 219
38.576449 10.27.1.1.1832 -> 192.168.160.10.53: udp 37
38.615739 192.168.160.10.53 -> 10.27.1.1.1832: udp 221
39.326431 10.27.1.1.1832 -> 192.168.160.10.53: udp 43
39.480044 192.168.160.10.53 -> 10.27.1.1.1832: udp 227
43.626453 10.27.1.1.1832 -> 192.168.160.10.53: udp 37
43.659422 192.168.160.10.53 -> 10.27.1.1.1832: udp 221
44.276442 10.27.1.1.1832 -> 192.168.160.10.53: udp 35
44.308684 192.168.160.10.53 -> 10.27.1.1.1832: udp 219
 
As seen on 192.168.160.1:
 
diagnose sniffer packet any 'host 10.27.1.1 and host 192.168.160.10'
interfaces=[any]
filters=[host 10.27.1.1 and host 192.168.160.10]
6.950911 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
6.950967 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
6.950973 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
7.058850 192.168.160.10.1812 -> 10.27.1.1.5135: udp 90
7.058883 192.168.160.10.1812 -> 10.27.1.1.5135: udp 90
7.087591 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
7.087614 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
7.087622 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
10.026411 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
10.026455 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
10.026463 10.27.1.1.5135 -> 192.168.160.10.1812: udp 341
10.109797 192.168.160.10.1812 -> 10.27.1.1.5135: udp 90
10.109835 192.168.160.10.1812 -> 10.27.1.1.5135: udp 90
10.138594 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
10.138622 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
10.138629 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 5135 unreachable
28.045921 10.27.1.1.24516 -> 192.168.160.10.1812: udp 341
28.045980 10.27.1.1.24516 -> 192.168.160.10.1812: udp 341
28.045988 10.27.1.1.24516 -> 192.168.160.10.1812: udp 341
28.085612 192.168.160.10.1812 -> 10.27.1.1.24516: udp 90
28.085647 192.168.160.10.1812 -> 10.27.1.1.24516: udp 90
28.114621 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 24516 unreachable
28.114645 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 24516 unreachable
28.114652 10.27.1.1 -> 192.168.160.10: icmp: 10.27.1.1 udp port 24516 unreachable
post edited by Shagma - 2019/11/06 01:58:54

Attached Image(s)

#1

0 Replies Related Threads

    Jump to:
    © 2019 APG vNext Commercial Version 5.5