We have a controller at our office advertising an 802.1x SSID.
We'd like to effectively advertise this to some of our staff at home, so we've provisioned RAPs to do this.
Some staff have Instant clusters though, so we'd like to setup a VPN to the controller using IAP-VPN.
The downside to this is the access to the remote network is effectively controlled by whatever authentication is configured on Instant.
Is it possible to configure central authentication for an IAP-VPN deployment, where the RADIUS traffic is sent over the tunnel back to a RADIUS server via the controller?