cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RADIUS authentication MX VPN

Highlighted
Conversationalist

RADIUS authentication MX VPN

I am trying to configure RADIUS authentication for VPN clients using an MX100.

I can connect just fine when using local auth.

I switched over to radius, and am getting an invalid username/password.  I have tested and confirmed they are both correct.

I have tried authenticating using just the username, and domain\username, but no luck with either.

Anyone have any idea what i may be missing?

5 REPLIES 5
Highlighted
Kind of a big deal

Re: RADIUS authentication MX VPN

If you are getting an "invalid username" response then the good news is that the MX100 is talking to the RADIUS server  - because that is a response returned by the RADIUS server.

 

You need to half a look at the log on your RADIUS server and its configuration to find out what it is refusing to allow the user to connect.

Highlighted
Conversationalist

Re: RADIUS authentication MX VPN

I have the same problem, but I don't even see the RADIUS traffic from the MX or the MR (MX64 and MR33).

Highlighted
Comes here often

Re: RADIUS authentication MX VPN

We have an MX68 and a case opened with Meraki.

 

The MX68 doesn't even pass traffic to the Radius Server! Wondering how those things passed quality assurance considering they enforce a new firmware version for the new MX series.

Highlighted
Conversationalist

Re: RADIUS authentication MX VPN

check out my post with my resolution somewhere here in this thread... its an undocumented fix... lol.  but its working

Conversationalist

Re: RADIUS authentication MX VPN

I have since resolved this, it came down to the encryption configuration on the adapter.  It needs to be set to optional.

But when we were testing, the test from the MX would show hits on radius, but from the client it would not.

Tinkering and the good ole try-this-try-that approach eventually lead to a successful connection

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.