On a PA-220 I've updated the firmware version from 10.1.5h1 to 10.2.2.
We have GlobalProtect working with RADIUS authentication with protocol PEAP-MSCHAPv2.
After the upgrade it doesn't work anymore (it works with other protocols, like PAP).
Certificates are ok, nothing changed.
We've already tried to change radius server without success.
This is the error:
test authentication authentication-profile vpn-radius username ots50025 password
Enter password :
Target vsys is not specified, user "ots50025" is assumed to be configured with a shared auth profile.
Do allow list check before sending out authentication request...
user "xxxxxxx\ots50025" is a member of allowed group "cn=vpn-cisco-ch,ou=permission groups,dc=xxxxxx,dc=local" on vsys "vsys1"
Egress: No service source route is set, might use destination source route if configured
Test authentication to RADIUS server 10.2.20.55:1812 for user: "ots50025" using protocol: PEAP with MSCHAPv2
Failed EAPOL auth (-1).
Response for user: "ots50025" from RADIUS server: "protocol version"
Authentication failed against RADIUS server at 10.2.20.55:1812 for user "ots50025"
It's not among the known issues of the new version.
Thanks to everyone.
Sorry for the delay, but I was on holiday.
At this moment we are still waiting for an answer from Palo Alto.
Now we are working with a 2022 RADIUS.
The answer from PA was simply: cipher suite is different in 10.2
but if we check online, the 10.2 and 10.1 cipher suites are the same.
At this point they asked us to send the certificate, and now we have been waiting for 10 days.
About your question: we had a 2008 and a 2016 RADIUS. Unfortunately we can't test 2019 at this moment.