Scenario: Connecting VIA client using EAP-tls with external server.
Note: The controller authenticates the user certificate using EAP-TLS over IKEv2. The controller just acts as an EAP pass-through to an external EAP-compliant server. EAP termination on the controller is not supported for VIA clients.
This error is due to server cert miss from the controller.
Need to check if the server cert has been uploaded and mapped under VPN services.
and map the server & CA cert under VPN services.
Navigate to Configuration >> Under ADVANCED SERVICES >> choose VPN services and map the certificates.
Finally we need to map them in Certificate Groups.
crypto-local isakmp certificate-group server-certificate VIA ca-certificate test