How would I have RADIUS/NPS authenticate through another interface?
Our current RADIUS infrastructure is set up like so:
One Firebox M470 is set up with 2 ISPs set up as external interfaces. This is connected via a BOVPN to an Azure VM that acts as our RADIUS/NPS server. The RADIUS client is set up pointing to the local address set up in the BOVPN. The BOVPN has both external interfaces listed as local gateways, with the remote gateway being the Azure virtual network gateway.
We have 2 A records on our DNS, each pointing to a public IP associated with our ISPs. These are the external interfaces associated with our IKEv2 VPN.
The issue is, during testing when we pull the primary ISP, RADIUS is failing to authenticate through the secondary ISP. There's no issue authenticating through the primary ISP.
What we want to be able to do is ensure that if ISP 1/external interface 1 goes down, users are still able to authenticate and connect to the VPN using ISP 2/external interface 2.
We were thinking it could be a routing issue and are reading up on dynamic routing to see if we can apply BGP or OSPF. Would this be putting us on the right track?
Apologies if this comes off as convoluted. Any help in figuring this out would be much appreciated.