Hi, 

I am trying to configure a VPN between a router and Apple phone using eap with radius auth using CML2. I have confirmed that the radius server (tekradius) is receiving and responding requests successfully.  

Here is where it fails on the debug. Any help would be welcome. I will attach the config. 

*Sep 6 05:12:51.950: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Sep 6 05:12:51.951: IKEv2-ERROR:(SESSION ID = 2,SA ID = 1):: Failed to authenticate the IKE SA
*Sep 6 05:12:51.952: IKEv2:(SESSION ID = 2,SA ID = 1):Verification of peer's authentication data FAILED
*Sep 6 05:12:51.952: IKEv2:(SESSION ID = 2,SA ID = 1):Sending authentication failure notify
*Sep 6 05:12:51.953: IKEv2:(SESSION ID = 2,SA ID = 1):Building packet for encryption.
Payload contents:
NOTIFY(AUTHENTICATION_FAILED)

*Sep 6 05:12:51.954: IKEv2:(SESSION ID = 2,SA ID = 1):Sending Packet [To 192.168.1.7:58343/From 192.168.1.60:4500/VRF i0:f0]
Initiator SPI : 99A21E5720DA3A0B - Responder SPI : 751BC9AFE9AE7F7E Message id: 6
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:
ENCR

*Sep 6 05:12:51.957: IKEv2:(SESSION ID = 2,SA ID = 1):Auth exchange failed
*Sep 6 05:12:51.958: IKEv2-ERROR:(SESSION ID = 2,SA ID = 1):: Auth exchange failed
*Sep 6 05:12:51.959: IKEv2:(SESSION ID = 2,SA ID = 1):Abort exchange
*Sep 6 05:12:51.960: IKEv2:(SESSION ID = 2,SA ID = 1):Deleting SA
*Sep 6 05:12:51.960: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session
*Sep 6 05:12:51.961: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED

Thanks.