Meraki

Community

Anyconnect Radius Reason Code 16

rndadhdman
Comes here often
‎Aug 29 2023 10:29 AM
‎Aug 29 2023 10:29 AM

Anyconnect Radius Reason Code 16

After working with the deployment team at Meraki, we are all lost for words. We have the Meraki VPN setup according to the documentation. I can watch the radius come into the system and be rejected each and every time. We are getting an reason code of 16. Thus, it's reaching radius and radius is saying it's a bad password. This isn't the case as we have confirmed the password. The Radius and CA are both on their own servers. From what I can tell event id 6273 normally accompanies reason code 16. However, i'm not seeing this event id.

 

The Radius server has the RAS and IAS cert from the currently active CA.

I can ping between each machine with no issues.

DNS names resolve with no issues between machines. However, using the troubleshooting tools, when i try the hostname to the DC, it does not start, but I can ping the IP address from the same tool no problem. 

 

Any idea's would help.

 

Documentation Links:

https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN

 

Edit:
Discovered the mobile app will not prompt for user name or password if I use the DDNS name provided by the meraki unit, but if I use the ip address, it will prompt. Which makes it even weirder.

 

Edit:

Under the Connection Request Policy > Settings > Authentication, radio check "Accept users without validating Credentials" I get an radius accept, but the app crashes at this point. (Every Time on the laptop)

Labels:
0 Kudos
6 Replies 6
Ryan_Miles
Meraki Employee
Meraki Employee
‎Aug 29 2023 10:41 AM
‎Aug 29 2023 10:41 AM

As a test have you tried disabling the cert auth part and just connect with a username/password to make sure that works? That might help determine if the cert auth is the culprit.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Ryan_Miles
rndadhdman
Comes here often
‎Aug 29 2023 10:43 AM
‎Aug 29 2023 10:43 AM

I"m not to sure how to do that in radius. The Meraki has the certificate requirement disabled.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 29 2023 2:21 PM
‎Aug 29 2023 2:21 PM

Those are the wrong instructions.  They are for Microsoft client VPN.  These are the correct instructions for AnyConnect:
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication#RADIUS_... 

 

@JohnIngram , even the instructions for Microsoft client VPN are not correct.  It's just that the errors are not enough to break it.  I am happy to help correct the documentation error if you could get someone to reach out to me.

Also, I think it makes it hard for users to have two sets of instructions for configuring RADIUS and client VPN.  Perhaps a single document could be made or a link created from one set of instructions to the other to make it clear which set of instructions users should be using.

In response to PhilipDAth
rndadhdman
Comes here often
‎Aug 30 2023 3:51 AM
‎Aug 30 2023 3:51 AM

After following these instructions, I am still receiving the same error messages. Any idea? The problem is on the radius side.

0 Kudos
rndadhdman
Comes here often
‎Sep 5 2023 6:02 AM
‎Sep 5 2023 6:02 AM

After about 100 failed attempts, I have reached out to a local msp. I will post updates here.

0 Kudos
Drew325
Conversationalist
‎Jan 10 2024 4:02 PM
‎Jan 10 2024 4:02 PM

Did this ever get resolved? I'm getting the same error message and support is as confused as I am.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.