09-05-2021 10:29 PM
Hi,
I am trying to configure a VPN between a router and Apple phone using eap with radius auth using CML2. I have confirmed that the radius server (tekradius) is receiving and responding requests successfully.
Here is where it fails on the debug. Any help would be welcome. I will attach the config.
*Sep 6 05:12:51.950: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Sep 6 05:12:51.951: IKEv2-ERROR:(SESSION ID = 2,SA ID = 1):: Failed to authenticate the IKE SA
*Sep 6 05:12:51.952: IKEv2:(SESSION ID = 2,SA ID = 1):Verification of peer's authentication data FAILED
*Sep 6 05:12:51.952: IKEv2:(SESSION ID = 2,SA ID = 1):Sending authentication failure notify
*Sep 6 05:12:51.953: IKEv2:(SESSION ID = 2,SA ID = 1):Building packet for encryption.
Payload contents:
NOTIFY(AUTHENTICATION_FAILED)
*Sep 6 05:12:51.954: IKEv2:(SESSION ID = 2,SA ID = 1):Sending Packet [To 192.168.1.7:58343/From 192.168.1.60:4500/VRF i0:f0]
Initiator SPI : 99A21E5720DA3A0B - Responder SPI : 751BC9AFE9AE7F7E Message id: 6
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:
ENCR
*Sep 6 05:12:51.957: IKEv2:(SESSION ID = 2,SA ID = 1):Auth exchange failed
*Sep 6 05:12:51.958: IKEv2-ERROR:(SESSION ID = 2,SA ID = 1):: Auth exchange failed
*Sep 6 05:12:51.959: IKEv2:(SESSION ID = 2,SA ID = 1):Abort exchange
*Sep 6 05:12:51.960: IKEv2:(SESSION ID = 2,SA ID = 1):Deleting SA
*Sep 6 05:12:51.960: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session
*Sep 6 05:12:51.961: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED
Thanks.
Solved! Go to Solution.
09-07-2021 11:00 PM
Disregard, Config works. I had an issue with the external radius server.
09-06-2021 04:26 AM
09-06-2021 03:26 PM
Hi.
Config was already attached.
09-07-2021 11:00 PM
Disregard, Config works. I had an issue with the external radius server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: