- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-06-2022 02:05 AM - edited 07-06-2022 02:40 AM
Hi everyone,
on PA-220 I've update firmware version from 10.1.5h1 to 10.2.2.
We have globalprotect work with Radius Authentication with protocol PEAP-MSCHAPv2.
After the upgrade it doesn't work anymore. (it works with other protocol, like PAP).
Certificates are ok, nothing changed.
We've already tried to change radius server without success.
This is the error:
test authentication authentication-profile vpn-radius username ots50025 password
Enter password :
Target vsys is not specified, user "ots50025" is assumed to be configured with a shared auth profile.
Do allow list check before sending out authentication request...
user "xxxxxxx\ots50025" is a member of allowed group "cn=vpn-cisco-ch,ou=permission groups,dc=xxxxxx,dc=local" on vsys "vsys1"
Egress: No service source route is set, might use destination source route if configured
Test authentication to RADIUS server 10.2.20.55:1812 for user: "ots50025" using protocol: PEAP with MSCHAPv2
Failed EAPOL auth (-1).
Response for user: "ots50025" from RADIUS server: "protocol version"
Authentication failed against RADIUS server at 10.2.20.55:1812 for user "ots50025"
Any ideas?
It's not among know issues of the new version.
Thanks to everyone.