Meraki

Community

Client VPN Smart Card Authentication

PPDA
Here to help
10 hours ago
10 hours ago

Client VPN Smart Card Authentication

I am seeking guidance on configuring Client VPN to authenticate users via Smart Card authentication. I have successfully integrated Active Directory, allowing authentication via username and password. Additionally, I followed the steps outlined in Meraki's documentation to set up RADIUS and IPSec for Smart Card authentication.

However, when attempting to connect from a client device, I receive an error stating that the "distant server terminated before authentication." This suggests a potential issue with the connection between the Meraki MX and the NPS server.

I checked the Event Viewer on the NPS server, but no relevant logs were recorded. Any insights on troubleshooting or resolving this issue would be appreciated.

Labels:
0 Kudos
3 Replies 3
Mloraditch
Head in the Cloud
10 hours ago
10 hours ago

Can the MX ping the NPS server? Is any authentication working? If you do a packet capture on either end what do you see? 

Is the right source IP configured in NPS? https://documentation.meraki.com/MX/Other_Topics/MX_and_Z-series_Source_IP_for_RADIUS_Authentication

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
PPDA
Here to help
10 hours ago
10 hours ago

The MX can Ping the NPS,  Yes AD authentication is working and the smart card authentication does work on the client device for log in.  The Client device is set to only use smart card authentication.  I do not have anything that could do a packet capture let alone understand them.

Yes I believe the correct IP is set.  

0 Kudos
In response to PPDA
Mloraditch
Head in the Cloud
9 hours ago
9 hours ago

You can do the capture on the Meraki side from the Meraki. On Windows all you  need to do is install wireshark. 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Packet_Capture_Overvi...
https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Getting_started_on...


That may help you, Meraki support may be able to help to some extent, but if the issue is on Windows it may be best effort.

 

 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.