I recently updated our SA4500 to version 7.4 R8 last week. After a few days a handful of people started having problems authenticating with our RSA radius server. We have two authentications, Domain and RSA. For most people, there is no issue. The problem users will authenticate to the domain fine, but the RSA will fail the majority of the time. Every so often the login will eventually work. When we look in the logs all we see is that the authentication failed. If we look in the RSA server we never see an authentication attempt. If we purposefully enter an invalid pin or passcode, we do see that listed in the RSA log. I've tried different browser versions (32-bit vs. 64-bit) and there doesn't appear to be a fix. I've eliminated the RSA server as the issue as I can do an authentication to it directly with no issues. I'm kind of stuck trying to figure out where the problem is occurring. Hoping someone will have some other ideas to look into.
The best way to view the tcpdump is to download and install Wireshark (http://www.wireshark.org/) on your PC. Save the tcpdump to your PC and open it with Wireshark. Filter on the IP address of your radius server or sort by protocol and look for radius entries.
Ran a TCP dump, and I really don't know what to look for. Just a few seconds generates several hundred lines of data. I tried to pull the text into a text file, but I can't seem to do a search on it. I was hoping to run a search on the IP address I was doing testing on. Any idea on what I should be looking for?
I see some TLSv1.2 entries being sent from the client to the VPN. Granted, I really don't know what is causing the login to fail as I at least see this traffic. What I don't see is any communication from the VPN to the RSA server. I should see the same traffic from the VPN to the RSA, correct?
You should see radius packets between the SA internal port and the radius server. If not, I am assuming communication between the SA and radius server may be encrypted via SSL, which is the reason why you do not see anything. Since this is the case, the only way to know if the SA is sending data is enabling debugging on the SA. Please open a JTAC case and provide the case number. I can try and assist through those channels.
Hello Brian,
Take a tcpdump when you are replicating the issue. If you do not see a packet leave the SA internal port, you can say it is an issue with the SA device. If this is the case, we would need to enable debugging on the SA device to clarify if there is an issue with the RSA implementation.
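The check suggested in the replies above (filter the capture on the radius server's address and see whether any radius packets leave the SA) can also be scripted. This is an added example, not part of the thread or any poster's code. It assumes the capture was saved as a classic pcap file with an Ethernet link type and that authentication uses UDP port 1812 or 1645; the addresses and sample packets are constructed.

```python
import socket, struct

RADIUS_PORTS = {1812, 1645}  # standard and legacy RADIUS authentication ports

def radius_packets(pcap, server_ip):
    """Yield (src, dst, code, identifier) for RADIUS packets to or from server_ip."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # keep untagged IPv4/UDP only
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 10 or server_ip not in (src, dst):
            continue
        if set(struct.unpack("!HH", udp[:4])) & RADIUS_PORTS:
            yield src, dst, udp[8], udp[9]  # RADIUS code, identifier

def unanswered_requests(pcap, server_ip):
    """Identifiers of Access-Requests (code 1) sent to server_ip with no reply.
    Simplification: matches on identifier only, ignoring the client source port."""
    pending = set()
    for src, dst, code, ident in radius_packets(pcap, server_ip):
        if code == 1 and dst == server_ip:
            pending.add(ident)
        elif src == server_ip:
            pending.discard(ident)
    return sorted(pending)

def _frame(src, dst, sport, dport, code, ident):
    """Build one constructed pcap record: Ethernet/IPv4/UDP/minimal RADIUS."""
    radius = struct.pack("!BBH", code, ident, 20) + bytes(16)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(radius), 0) + radius
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes(12) + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

SA, RSA = "192.0.2.10", "192.0.2.20"  # constructed addresses, not from the thread
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame(SA, RSA, 40000, 1812, 1, 7)    # Access-Request id 7
          + _frame(RSA, SA, 1812, 40000, 2, 7)    # Access-Accept id 7
          + _frame(SA, RSA, 40001, 1812, 1, 8))   # Access-Request id 8, no reply
```

An empty result from `radius_packets` for the server's address means no radius traffic was captured at all, while a non-empty `unanswered_requests` list means requests were captured leaving for the server but no reply was seen.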