The roadwarrior carol sets up a connection to gateway moon. The gateway moon does not send an AUTH payload thus signalling a mutual EAP-only authentication. carol then uses the Extensible Authentication Protocol in association with a GSM Subscriber Identity Module (EAP-SIM) to authenticate against the gateway moon. In this scenario, triplets from the file /etc/ipsec.d/triplets.dat are used instead of a physical SIM card on the client carol. The gateway forwards all EAP messages to the RADIUS server alice which also uses a static triplets file.
The roadwarrior dave sends wrong EAP-SIM triplets. As a consequence the radius server alice returns an Access-Reject message and the gateway moon sends back an EAP_FAILURE.