The roadwarrior carol sets up a connection to gateway moon. At the outset the gateway authenticates itself to the client by sending an IKEv2 RSA signature accompanied by a certificate. carol then uses the Extensible Authentication Protocol in association with a GSM Subscriber Identity Module (EAP-SIM) to authenticate against the gateway moon. In this scenario, triplets from the file /etc/ipsec.d/triplets.dat are used instead of a physical SIM card on the client carol. The gateway forwards all EAP messages to the RADIUS server alice which also uses a static triplets file.
The roadwarrior dave sends wrong EAP-SIM triplets. As a consequence the radius server alice returns an Access-Reject message and the gateway moon sends back an EAP_FAILURE.