I recently ran into an interesting issue getting a SonicWall Aventail EX-series device to communicate with a RADIUS server (Vasco).

After a bit of troubleshooting, it turned out that the RADIUS authentication response was being dropped by iptables running on the appliance itself: tcpdump showed the RADIUS response message arriving at the appliance, but the error log in the Aventail Management Console was showing that the RADIUS server failed to respond.

The file /var/log/kern.iptables was logging the dropped packets. Searching SonicWall's website did not reveal anything useful. The iptables rules for RADIUS traffic:

aventail:/var/log# iptables -L -n | grep RADIUS
Chain RADIUS_FILTER (1 references)
RADIUS_FILTER  udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:1645 

Poking around in the init scripts led to the directory /var/lib/iptables, which holds the saved rules that needed to be updated and then reloaded:

aventail:/var/lib/iptables# diff active.radius.fix active
237c237
< -A UDP_FILTER -p udp --sport 1645 -j RADIUS_FILTER
---
> -A UDP_FILTER -p udp --sport 1812 -j RADIUS_FILTER
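
Review bot: line 237 still matches on source port alone (--sport 1812 with no -s), so any UDP packet arriving with source port 1812 is handed to RADIUS_FILTER, not only replies from the RADIUS server; adding -s with the server's address would narrow the rule. The port is also replaced rather than added, so a server that still answers from 1645 would no longer match this line. With the arguments in this order, active.radius.fix is the file that carries --sport 1645, so the file name reads the opposite way to its content.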

aventail:/var/lib/iptables# /etc/init.d/iptables reload
Starting iptables: loaded active state

aventail:/var/lib/iptables# iptables -L -n | grep 1812
RADIUS_FILTER  udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:1812
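
The diagnosis above comes down to comparing the source ports seen in the drop log with the ports the saved rules hand to RADIUS_FILTER. The script below is an added example, not part of the original post or of the appliance's own tooling. It assumes the drop log uses the standard netfilter LOG field format (SRC=, PROTO=, SPT=); the "DROP" prefix, the addresses and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: match dropped RADIUS replies against the ports the rules allow.
# Assumed: kernel log lines in the standard netfilter LOG format (SRC= PROTO= SPT=)
# and a rules file in iptables-save format, like the line shown in the diff above.

# Print the UDP source ports that the rules file hands to RADIUS_FILTER.
allowed_radius_sports() {   # $1 = rules file
    sed -n 's/^-A UDP_FILTER .*--sport \([0-9][0-9]*\) .*-j RADIUS_FILTER.*$/\1/p' "$1" |
        sort -un
}

# Print "SRC SPT COUNT" for logged UDP packets that came from a RADIUS
# authentication port (1645 or 1812) which no rule in the file allows.
dropped_radius_replies() {  # $1 = log file, $2 = rules file
    allowed=$(allowed_radius_sports "$2" | tr '\n' ' ')
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /PROTO=UDP/ {
            src = ""; spt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^SPT=/) spt = substr($i, 5)
            }
            if ((spt == "1645" || spt == "1812") && !(spt in ok)) count[src " " spt]++
        }
        END { for (k in count) print k, count[k] }
    ' "$1" | sort
}

# Constructed sample data (documentation addresses, hypothetical "DROP" prefix).
write_sample_log() {        # $1 = output path
    cat > "$1" <<'EOF'
Jan 10 10:00:01 aventail kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=48 PROTO=UDP SPT=1812 DPT=40000 LEN=28
Jan 10 10:00:04 aventail kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=48 PROTO=UDP SPT=1812 DPT=40000 LEN=28
Jan 10 10:00:09 aventail kernel: DROP IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 LEN=60 PROTO=UDP SPT=53 DPT=40001 LEN=40
Jan 10 10:00:12 aventail kernel: DROP IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=1812 DPT=443
EOF
}

tmp=$(mktemp -d)
write_sample_log "$tmp/kern.iptables"
echo '-A UDP_FILTER -p udp --sport 1645 -j RADIUS_FILTER' > "$tmp/before"
echo '-A UDP_FILTER -p udp --sport 1812 -j RADIUS_FILTER' > "$tmp/after"
echo "before fix: $(dropped_radius_replies "$tmp/kern.iptables" "$tmp/before")"
echo "after fix:  $(dropped_radius_replies "$tmp/kern.iptables" "$tmp/after")"
rm -rf "$tmp"
```

Against real files the call would be dropped_radius_replies /var/log/kern.iptables /var/lib/iptables/active; an empty result means no logged packet came from a RADIUS port that the rules leave out.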