Nov 09 2017 03:31 AM - edited Nov 09 2017 03:34 AM
Hi,
I'm having trouble getting MFA working with an Azure P2S IKEv2 VPN using RADIUS auth. It seems that the auth response timeout on the gateway is set so low (looks like 5 sec) that I don't have enough time to authenticate using MFA. I've verified this both with DUO Auth and Azure MFA; both have the same result.
I initiate the VPN connection, enter credentials, and before I can answer the phone call to verify MFA, another request is initiated and a second call comes through. If I successfully verify either or both calls, the connection fails. However, if I use a push notification to the cell phone for verification and I can verify in under 5 sec, the connection is completed.
I've also pointed my Palo Alto VPN device (where I have a specified timeout of 60 sec) at my MFA server and was able to log in successfully to that VPN - this determines the issue is not with my MFA server setup.
I've created a bug request with Microsoft on this as there doesn't seem to be a way to change the timeout.
Has anyone else encountered this issue or found a workaround??