  • 1.  VIA with Azure MFA and IKEv1/EAP-MSCHAPv2 timeouts

    Posted Aug 20, 2024 04:06 AM
    Edited by nktns Aug 20, 2024 04:12 AM

    Integration has been done based on this guide - Microsoft Azure Multi-Factor Authentication (MFA)

    General idea seems to be working - IKEv1/PAP is fine, but IKEv2/EAP-MSCHAPv2 is not connecting properly. If using a local ClearPass user, VIA connects fine. If the MFA request can be accepted really quickly (around 5 seconds or so), it connects successfully. But normally VIA times out with error -8980 and the connection fails.

    Will not jump into troubleshooting logs, but I have a feeling the VIA IPSec session times out before receiving the RADIUS response. RADIUS timeouts have been tuned on the controller/ClearPass side to 30 seconds, but is there anything that may not have been mentioned in the guide regarding timers?

    AOS: 10.4.1.1

    CP: 6.10.8



  • 2.  RE: VIA with Azure MFA and IKEv1/EAP-MSCHAPv2 timeouts

    Posted Aug 20, 2024 10:07 AM

    PAP is called out as the needed protocol to support all available methods.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: VIA with Azure MFA and IKEv1/EAP-MSCHAPv2 timeouts

    Posted Aug 20, 2024 10:20 AM

    Supported MFA methods weren't the question; push notification is used, and that is supported with EAP-CHAPv2 as per your screenshot.