MX64 Client VPN Cloud Auth Works - Radius Auth Fails with IPsec-SA expiration
I have configured a Client VPN on this MX device. When using Meraki Cloud authentication it works without issue. When I enable radius authentication it fails.
I have performed a packet capture on the radius server and see successful authentication requests validating that radius is functioning correctly. This is failing for both an Android client (ver. 9 build PPR2.181005.003) and Windows10 Enterprise (ver. 1709 build 16299.611)
Below are log entries. It looks to me like it's simply timing out.
Those log entries indicating the tunnel is being torn down could be due to a failed RADIUS authentication attempt. In your packet capture did you see the server sending back an access-accept message? You could also run a capture on the LAN interface of the MX during the authentication process and make sure that the access-accept message is making it back to the MX.
Thanks. If you read through my conversation with PhillipDAth you'll see that I did just that both on the radius server and the MX. I was getting ACCEPT packets and they were being seen by the MX. In the end, radius *was* failing between the client (MX) and server (M$ NPS) because the PSK was too complex and I needed to remove non-alphanumeric characters.
It doesn't explain why I was getting the ACCEPT which was seen by the MX and was failing between the LAN interface and the Client VPN.