I'm trying to tunnel my WiFi network over my VPN link so that I would have the same network on both of my locations. The problem is that if I use 802.1x RADIUS authentication (using Microsoft Network Policy Server as RADIUS) I can see in my RADIUS server log that access is granted but client doesn’t connect to tunneled WiFi network. If I check my ZoneDirector logs I see that the client has been authenticated successfully but it is after few seconds automatically disconnected from the network. If I just change authentication to standard WPA2-PSK AES or if I don’t tunnel the traffic (if I connect to the same network on my primary location where I don’t need to tunnel it), client authenticates and connects with no problems. So the problem is only on my secondary location, which is connected over IPsec VPN tunnel to my primary location and only if I use 802.1x for authentication. Any idea what could be wrong?
So problem appears only when 802.1x radius auth is used with tunnel WLAN and impacts only the remote users, Local user on same site as ZD and radius servers works just fine. correct?
Is the problem same when you don't tunnel the traffic via ZD?
if answers is yes to above then you should start looking AP-ZD MTU and Tunnel MTU setting on ZD GUI and similar ones on your router/firewall/VPN/radius server.
Maybe the RTT of the connection is too long for 802.1x to work. And even when 802.1X is successful it drops your client when re-keying. IpSEC adds overhead and if the connections aren't perfect can cause you some problems.
You said you tunnel traffic. Do you use the ZD built in feature to tunnel or do you use a router for that. What I mean is that some routers have the ability to tunnel all traffic to a location by specifying the remote site as the connections default gateway. If your router has this feature have you tried it and was there any change?
Do you even need to tunnel the traffic at all?
Do you have the same problem at the site with the RADIUS present?