Hello,
I am in the process of setting up RADIUS authentication for a dynamic VPN. Unfortunately, it is not working. I have tracing turned on for authentication, and am getting this error message:
Mar 5 18:34:16.479967 Local : authd_local_lite_auth: got params profile=ad01-cg-radius, username=dramage
Mar 5 18:34:16.479973 Local : start authd_local_lookup
Mar 5 18:34:16.479978 Local : profile ad01-cg-radius NOT found
This confuses me, because that profile exists:
ec2-user@VSRX2> show configuration access
profile ad01-cg-radius {
    address-assignment {
        pool Corios-VPN;
    }
    radius {
        authentication-server 10.1.10.40;
        accounting-server 10.1.10.40;
    }
    radius-server {
        10.1.10.40 {
            port 1812;
            secret "BIG IMPORTANT SECRET HERE"; ## SECRET-DATA
            timeout 15;
            retry 2;
            source-address 172.16.101.6;
            routing-instance vpn_gateway;
        }
    }
    accounting {
        order radius;
        accounting-stop-on-failure;
        accounting-stop-on-access-deny;
    }
}
Here's where I have it applied to the IKE gateway:
gateway Corios-VPN-IKE-GW {
    ike-policy Corios-VPN-IKE-Pol;
    dynamic {
        user-at-hostname "itadmins@coriosgroup.com";
        connections-limit 2;
        ike-user-type shared-ike-id;
    }
    dead-peer-detection;
    local-identity inet XXX.XXX.XXX.XXX;
    external-interface ge-0/0/1.0;
    aaa {
        access-profile ad01-cg-radius;
    }
    version v1-only;
    tcp-encap-profile NCP;
}
I should also mention that I have no connectivity problems if I switch over to local authentication.
Thanks in advance for your help.