IPSec mobile VPN with RADIUS

I am having issues trying to get RADIUS working with the IPSec VPN client. I am trying to use this so that I can use Microsoft MFA.

This is the error I keep getting:
2025-05-27 10:47:00 admd Authentication of MUVPN user [username] from x.x.x.x was rejected, received an Access-Reject response from the (x.x.x.x) server msg_id="1100-0005"

I set up NPS and ran the Azure MFA NPS Extension. The group exists in AD and the user is a member of the group. On the VM in Azure, I created an NSG rule to allow inbound UDP 1812/1813/1645/1646.

Any help would be great. Thanks

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @jfaz11

    You'll need to look at the logs on your NPS server -- the Access-Reject is coming from there. It will be the only piece that can identify what's wrong.

    -James Carson
    WatchGuard Customer Support

  • @jfaz11 said:
    I set up NPS and ran the Azure MFA NPS Extension. The group exists in AD and the user is a member of the group. On the VM in Azure, I created an NSG rule to allow inbound UDP 1812/1813/1645/1646.

    Any help would be great. Thanks

    For the Azure MFA extension to Windows NPS, as far as I know this only supports one method of MFA - notifications to the Authenticator app on a mobile device.
    Make sure the users have that as their default method.

    At least that was what I had to do for IKEv2 and SSL VPN; I don't use the IPsec VPN client but presume it also requires this since I don't believe there is a way for the MFA challenge/response part to have user input through the VPN client.
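
An Access-Reject is a reply sent by the RADIUS server, so the firewall line quoted in the question already shows that the request reached NPS, and the reason for the rejection is recorded there. The script below is an added example, not part of the original thread and not WatchGuard code: it parses admd lines in the format quoted above and lists, per RADIUS server and user, the reject count and the latest timestamp to look up in the NPS logs. The sample lines, users and addresses are constructed.

```python
import re
from collections import Counter

# Pattern follows the admd log line quoted in the original post.
REJECT_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) admd Authentication of '
    r'(?P<kind>\S+) user \[(?P<user>[^\]]*)\] from (?P<client>\S+) was rejected, '
    r'received an Access-Reject response from the \((?P<server>[^)]+)\) server '
    r'msg_id="(?P<msg_id>[^"]+)"'
)

# Constructed sample lines (documentation addresses, made-up users).
SAMPLE_LOG = """\
2025-05-27 10:47:00 admd Authentication of MUVPN user [alice] from 203.0.113.10 was rejected, received an Access-Reject response from the (10.0.0.4) server msg_id="1100-0005"
2025-05-27 10:48:12 admd Authentication of MUVPN user [alice] from 203.0.113.10 was rejected, received an Access-Reject response from the (10.0.0.4) server msg_id="1100-0005"
2025-05-27 10:49:30 iked unrelated constructed line that must be ignored
2025-05-27 10:52:41 admd Authentication of MUVPN user [bob] from 198.51.100.7 was rejected, received an Access-Reject response from the (10.0.0.4) server msg_id="1100-0005"
"""

def parse_rejects(text):
    """Return one dict per Access-Reject line; other lines are skipped."""
    return [m.groupdict() for line in text.splitlines()
            if (m := REJECT_RE.match(line.strip()))]

def summarize(rejects):
    """Count rejects per (RADIUS server, user) and keep the latest timestamp."""
    counts = Counter((r["server"], r["user"]) for r in rejects)
    last_seen = {}
    for r in rejects:
        key = (r["server"], r["user"])
        # Timestamps are YYYY-MM-DD HH:MM:SS, so string order is time order.
        last_seen[key] = max(last_seen.get(key, ""), r["ts"])
    return [{"server": s, "user": u, "count": n, "last_seen": last_seen[(s, u)]}
            for (s, u), n in counts.most_common()]

if __name__ == "__main__":
    for row in summarize(parse_rejects(SAMPLE_LOG)):
        print(f'{row["last_seen"]}  server={row["server"]}  '
              f'user={row["user"]}  rejects={row["count"]}')
```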
