We have 2 UAGs deployed with 3 nics each. UAG is behind F5 firewall. When monitoring the vlan interface for traffic on NIC3 on the UAG, the UAG takes approx 30 seconds just to send the request, and once the request is sent it's an instantaneous response. This leads to a very long wait time between passcode being entered and after valid confirmation, leads the user to the password.
We've tried this with PAP as well as MSCHAP2, both have the same results.
UAG Logs not really showing much in terms of what is occurring between a user submitting the passcode, and the UAG sending it to our RADIUS server.
Any help appreciated.
I'm on 3.3.1 with a two NIC deployment. My understanding is that NIC 2 is for backend traffic and NIC 3 is only used for management. I think you may have a routing or configuration issue if you are seeing RADIUS on NIC 3.
Other way around, nic3 is for backend and we have our route set there for all internal subnets, so I assume Radius routes here
Nic2 is mgmt and we have a specific subnet with access to that
nic1 is external
I'm beginning to think NIC1 is what is sending RADIUS, and ignoring the static routes
I think we figured it out. Our network engineer poured over the logs and noticed a few cases of dns issues, performed a few nslookups and noted that it was not resolving a few entries correctly. Repointed DNS to another DNS server and it worked as it should, instantaneously.
My hunch is that the initial authentication FIRST checks for the user in AD, then hands it back to RADIUS to confirm passcode. Odd, but changing DNS did the trick.