Meraki

Community

Client VPN Smart Card Authentication

PPDA
Here to help
‎Feb 25 2025 12:09 PM
‎Feb 25 2025 12:09 PM

Client VPN Smart Card Authentication

I am seeking guidance on configuring Client VPN to authenticate users via Smart Card authentication. I have successfully integrated Active Directory, allowing authentication via username and password. Additionally, I followed the steps outlined in Meraki's documentation to set up RADIUS and IPSec for Smart Card authentication.

However, when attempting to connect from a client device, I receive an error stating that the "distant server terminated before authentication." This suggests a potential issue with the connection between the Meraki MX and the NPS server.

I checked the Event Viewer on the NPS server, but no relevant logs were recorded. Any insights on troubleshooting or resolving this issue would be appreciated.

Labels:
0 Kudos
3 Replies 3
Mloraditch
Kind of a big deal
‎Feb 25 2025 12:11 PM
‎Feb 25 2025 12:11 PM

Can the MX ping the NPS server? Is any authentication working? If you do a packet capture on either end what do you see? 

Is the right source IP configured in NPS? https://documentation.meraki.com/MX/Other_Topics/MX_and_Z-series_Source_IP_for_RADIUS_Authentication

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
PPDA
Here to help
‎Feb 25 2025 12:17 PM
‎Feb 25 2025 12:17 PM

The MX can Ping the NPS,  Yes AD authentication is working and the smart card authentication does work on the client device for log in.  The Client device is set to only use smart card authentication.  I do not have anything that could do a packet capture let alone understand them.

Yes I believe the correct IP is set.  

0 Kudos
In response to PPDA
Mloraditch
Kind of a big deal
‎Feb 25 2025 12:34 PM
‎Feb 25 2025 12:34 PM

You can do the capture on the Meraki side from the Meraki. On Windows all you  need to do is install wireshark. 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Packet_Capture_Overvi...
https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Getting_started_on...


That may help you, Meraki support may be able to help to some extent, but if the issue is on Windows it may be best effort.

 

 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.