09-05-2021 10:29 PM
Hi,
I am trying to configure a VPN between a router and Apple phone using eap with radius auth using CML2. I have confirmed that the radius server (tekradius) is receiving and responding requests successfully.
Here is where it fails on the debug. Any help would be welcome. I will attach the config.
*Sep 6 05:12:51.950: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Sep 6 05:12:51.951: IKEv2-ERROR:(SESSION ID = 2,SA ID = 1):: Failed to authenticate the IKE SA
*Sep 6 05:12:51.952: IKEv2:(SESSION ID = 2,SA ID = 1):Verification of peer's authentication data FAILED
*Sep 6 05:12:51.952: IKEv2:(SESSION ID = 2,SA ID = 1):Sending authentication failure notify
*Sep 6 05:12:51.953: IKEv2:(SESSION ID = 2,SA ID = 1):Building packet for encryption.
Payload contents:
NOTIFY(AUTHENTICATION_FAILED)
*Sep 6 05:12:51.954: IKEv2:(SESSION ID = 2,SA ID = 1):Sending Packet [To 192.168.1.7:58343/From 192.168.1.60:4500/VRF i0:f0]
Initiator SPI : 99A21E5720DA3A0B - Responder SPI : 751BC9AFE9AE7F7E Message id: 6
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:
ENCR
*Sep 6 05:12:51.957: IKEv2:(SESSION ID = 2,SA ID = 1):Auth exchange failed
*Sep 6 05:12:51.958: IKEv2-ERROR:(SESSION ID = 2,SA ID = 1):: Auth exchange failed
*Sep 6 05:12:51.959: IKEv2:(SESSION ID = 2,SA ID = 1):Abort exchange
*Sep 6 05:12:51.960: IKEv2:(SESSION ID = 2,SA ID = 1):Deleting SA
*Sep 6 05:12:51.960: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session
*Sep 6 05:12:51.961: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED
Thanks.
Solved! Go to Solution.
09-07-2021 11:00 PM
Disregard, Config works. I had an issue with the external radius server.
09-06-2021 04:26 AM
09-06-2021 03:26 PM
Hi.
Config was already attached.
09-07-2021 11:00 PM
Disregard, Config works. I had an issue with the external radius server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide