To prevent locking any existing, non-2FA enabled AD users out of your VPN we recommend that you allow Non-2FA users during the transitioning phase.In the Authentication section apply the settings shown in Figure 1-1 below.The shared secret is the RADIUS shared secret for the external authenticator that you will configure on your appliance.If your appliance communicates via IPv6, use that IP address along with the related scope ID (interface ID). The IP address is the internal IP address of your appliance. Configure the IP Address and Shared Secret for the Client so that they correspond to the configuration of your VPN appliance.
This integration guide utilizes Client does not validate user name and password Client type for this particular VPN appliance.