Hi all,
We recently replaced an MX60 with an MX67 for a client of ours. Ever since then the client VPN will no longer authenticate via AD authentication. I can flip it to Meraki authentication and it works fine though.
I re-verified my client VPN settings are correct. I even checked the DC certificate in case it was some sort of TLS issue, but the certificate is fine. I set up the DC on the Active Directory Authentication page to see if that would produce an error but it connects fine with the green checkmark status.
The issue was even escalated to the Meraki development team to look into. They state that what they are able to see is that the AD server is attempting to create a TLS session with the Meraki device in a way which is not compatible, however, we are unable to do further troubleshooting from their end. Next troubleshooting steps would need to be done on the AD server itself.
If this is an issue with the AD server, why would it crop up out of the blue when the firewall was replaced? Makes no sense to me yet.