Radius Auth Issues with Dynamic VPN

  • 1.  Radius Auth Issues with Dynamic VPN

    Posted 03-05-2019 10:56


    I am in the process of setting up RADIUS authentication for a dynamic VPN.  Unfortunately, it is not working.  I have tracing turned on for authentication, and am getting this error message:


    Mar 5 18:34:16.479967 Local : authd_local_lite_auth: got params profile=ad01-cg-radius, username=dramage
    Mar 5 18:34:16.479973 Local : start authd_local_lookup
    Mar 5 18:34:16.479978 Local : profile ad01-cg-radius NOT found


    This confuses me, because that profile exists:

    ec2-user@VSRX2> show configuration access
    profile ad01-cg-radius {
    address-assignment {
    pool Corios-VPN;
    radius {
    radius-server { {
    port 1812;
    timeout 15;
    retry 2;
    routing-instance vpn_gateway;
    accounting {
    order radius;



    Here's where I have it applied to the IKE gateway:

    gateway Corios-VPN-IKE-GW {
    ike-policy Corios-VPN-IKE-Pol;
    dynamic {
    user-at-hostname "";
    connections-limit 2;
    ike-user-type shared-ike-id;
    local-identity inet XXX.XXX.XXX.XXX;
    external-interface ge-0/0/1.0;
    aaa {
    access-profile ad01-cg-radius;
    version v1-only;
    tcp-encap-profile NCP;


    I should also mention that I have no connectivity problems if I switch over to local authentication.


    Thanks in advance for your help.

  • 2.  RE: Radius Auth Issues with Dynamic VPN
    Best Answer

    Posted 03-05-2019 11:27

    I see that authentication order is missing in your access profile config. Did you try after adding it?

    set access profile ad01-cg-radius authentication-order radius


    Is your RADIUS server reachable via routing-instance or via inet.0 (global routing table)?





  • 3.  RE: Radius Auth Issues with Dynamic VPN

    Posted 03-05-2019 14:00

    Adding the authentication order statement caused it to attempt to use the profile, and you were right, it should not have been in the routing instance.  Thank you for your help.
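
The two issues resolved in this thread (no `authentication-order` on the access profile, and a `radius-server` pinned to a routing instance) can be checked offline before commit. The following is an added example, not part of the original thread: it assumes the configuration is exported in Junos `display set` form, and the sample lines and the 192.0.2.10 address are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form, mirroring the thread's setup.
# 192.0.2.10 is a documentation placeholder, not an address from the thread.
SAMPLE = """\
set access profile ad01-cg-radius address-assignment pool Corios-VPN
set access profile ad01-cg-radius radius-server 192.0.2.10 port 1812
set access profile ad01-cg-radius radius-server 192.0.2.10 routing-instance vpn_gateway
set access profile ad01-cg-radius accounting order radius
set security ike gateway Corios-VPN-IKE-GW aaa access-profile ad01-cg-radius
"""

PROFILE = re.compile(r"^set access profile (\S+) (.+)$")
GW_AAA = re.compile(r"^set security ike gateway (\S+) aaa access-profile (\S+)$")
SERVER_RI = re.compile(r"^radius-server (\S+) routing-instance (\S+)$")

def audit(config_text):
    """Return findings for access profiles referenced by IKE gateways."""
    stmts = defaultdict(list)  # profile name -> statements configured under it
    refs = []                  # (gateway, profile) pairs from aaa access-profile
    for line in config_text.splitlines():
        line = line.strip()
        if m := PROFILE.match(line):
            stmts[m.group(1)].append(m.group(2))
        elif m := GW_AAA.match(line):
            refs.append(m.groups())
    findings = []
    for gw, prof in refs:
        if prof not in stmts:
            findings.append(f"{gw}: access profile {prof} is not defined")
            continue
        body = stmts[prof]
        # Without this statement the thread's trace showed a local lookup
        # ("authd_local_lookup") and "profile ... NOT found".
        if not any(s.startswith("authentication-order ") for s in body):
            findings.append(f"{gw}: profile {prof} has no authentication-order")
        for s in body:
            if m := SERVER_RI.match(s):
                findings.append(
                    f"{gw}: profile {prof} reaches RADIUS server {m.group(1)} via "
                    f"routing-instance {m.group(2)}; confirm it is routable there")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```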