Hi,
was there a resolution for this that you found.
I have a similar scenario.
VIA Client using Azure AD with MFA (EAP-MSCHAPv2) using a Windows Network Policy Server (as Radius)
we also see the timeout being really quick.
we are suing a Aruba Gateway 9004 Managed in Aruba Central, is there a way you can change timeout in Aruba Central ?
cheers
Ian
do you extend it on the gateway
-------------------------------------------
Original Message:
Sent: Aug 20, 2024 04:06 AM
From: nktns
Subject: VIA with Azure MFA and IKEv1/EAP-MSCHAPv2 timeouts
Integration has been done based on this guide - Microsoft Azure Multi-Factor Authentication (MFA)
General idea seems to be working - IKEv1/PAP is fine, but IKEv2/EAP-MSCHAPv2 is not connecting properly. If using local ClearPass user - VIA connects fine. If MFA request can be accepted successfully really quick (around 5 seconds or so) - connects sucessfully. But normally VIA times out with error -8980 and connection fails.
Will not jump into troubleshooting logs, but I have a feeling VIA IPSec session times out before receiving RADIUS response. RADIUS timeouts have been tuned on controller/ClearPass side to 30 seconds, but is there anything that may have not been mentioned in the guide regarding timers?
AOS: 10.4.1.1
CP: 6.10.8