XAUTH Failed with VPN client, GVC with Radius Server
03/08/2023
Description
RADIUS is used as an Authentication, Authorization, and Accounting (AAA) server. The RADIUS server answers each client authentication request with either an approval or a rejection. It not only authenticates users based on the username and password but also authorizes them based on the configured policy.
Sometimes a customer wants the GVC users to be authenticated directly through the RADIUS server. RADIUS users can also be authenticated with a PIN.
In this setup you may come across the following error on GVC: XAUTH Failed with VPN client.
Cause
This may be caused by a misconfiguration on the firewall.
There may also be issues on the RADIUS server.
We have to check that all the settings on the firewall are correct; for server-related issues, the customer has to check the server themselves.
Resolution
If we see the error on GVC: XAUTH Failed with VPN client, we first have to check if the settings on the firewall are correct. One can also test if local users are able to connect.
Please check the below KB for reference.
Configuring RADIUS authentication for Global VPN Clients with Network Policy and Access Server | SonicWall
Check the event log for any related entry, such as: User login denied - RADIUS authentication failure
Check that VPN Clients via XAUTH has the trusted group selected and that the RADIUS users are also part of the trusted group.
Test the user under the RADIUS settings and check which method it works with:
PAP, CHAP, MSCHAP, MSCHAP2
If the RADIUS test only works with MSCHAP2 or MSCHAP, then there is a config option in the advanced VPN tab:
Enable: Use RADIUS in MSCHAP MSCHAPv2 mode for XAUTH (allows users to change expired passwords)
If the test is successful only with PAP and the settings are correct, run a packet capture for UDP packets on port 1812.
Here, check whether the RADIUS server is accepting or rejecting the request. If, after testing from the GVC clients and also from the firewall with the test user, there is a reject from the server, this is not a firewall issue. The customer will have to check the settings on the server side.
If we see an accept from the server, then we have to check the firewall.
Also make sure that the below option is unchecked: Allow only users listed locally
The packet capture will show us whether the issue is on the firewall or not.
Note: When trying to use GVC to authenticate, always try twice, as there is a phase 1 and a phase 2 involved.
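To read the UDP port 1812 capture described above, the following added example (not SonicWall's code and not part of the original article) parses RADIUS payloads, names the method carried by each Access-Request (PAP, CHAP, MSCHAP, MSCHAPv2) and pairs it with the server's accept or reject. The function names and the sample packets (built with a zeroed authenticator) are constructed for illustration, and it assumes the RADIUS payloads have already been extracted from the capture.

```python
import struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def parse_radius(payload):
    """Split one RADIUS packet (a UDP payload) into code, identifier, attributes."""
    if len(payload) < 20 or not 20 <= struct.unpack("!H", payload[2:4])[0] <= len(payload):
        raise ValueError("truncated packet or bad length field")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    attrs, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((atype, payload[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def auth_method(attrs):
    """Name the method an Access-Request carries, from its attributes."""
    for atype, value in attrs:
        if atype in (2, 3):  # User-Password / CHAP-Password
            return "PAP" if atype == 2 else "CHAP"
        ms = atype == 26 and len(value) >= 5 and value[:4] == struct.pack("!I", 311)  # Microsoft VSA
        if ms and value[4] in (1, 25):  # MS-CHAP-Response / MS-CHAP2-Response
            return "MSCHAP" if value[4] == 1 else "MSCHAPv2"
    return "unknown"

def summarize(payloads):
    """Pair requests with replies by identifier: (user, method, verdict) tuples."""
    pending, results = {}, []
    for p in payloads:
        code, ident, attrs = parse_radius(p)
        if code == 1:  # Access-Request
            user = next((v.decode(errors="replace") for t, v in attrs if t == 1), "?")
            pending[ident] = (user, auth_method(attrs))
        elif ident in pending:
            results.append(pending.pop(ident) + (CODES.get(code, "code %d" % code),))
    return results + [v + ("no reply",) for v in pending.values()]

def build(code, ident, attrs):
    """Build a constructed sample packet (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample: a PAP request that is rejected, an MSCHAPv2 request that is accepted.
SAMPLE = [build(1, 7, [(1, b"alice"), (2, bytes(16))]), build(3, 7, []),
          build(1, 8, [(1, b"bob"), (26, struct.pack("!IBB", 311, 25, 52) + bytes(50))]),
          build(2, 8, [])]
```

A "no reply" verdict means the request left the firewall but no answer was captured, which points at reachability or the server rather than at the XAUTH settings.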