SBG3600 > VPN > Radius not working

Options
jörg_giencke
jörg_giencke Posts: 2
First Comment
edited April 2021 in Security
When VPN > IPSec > XAUTH > Radius is set the SBG does not send a single packet to the Radius server. At least it looks like that because sniffing at the server's port 1812 doesn't show a single packet.

We also got NWA1123 AC Pro APs connecting to the same Radius server and that works perfectly. The Server receives packets from the APs at port 1812, server answers > connected.

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    Before authentication, IPSec phases 1 and 2 should complete.

    Try to verify it. 
  • jörg_giencke
    jörg_giencke Posts: 2
    First Comment
    Options
    In the meantime I figured out that the SGB ist not using XAUTH at all - no matter what settings are used. It does exactly the same thing when XAUTH is unchecked or XAUTH is checked with either Local DB or Radius.

    I'm testing that with two users, a local one (myname) and an AD / Radius user (my.name). As far as I understand, if XAUTH / Radius is checked, myname should fail because it's a local user - but it still works. On the other hand my.name fails (No CHAP secret found for authenticating my.name) because the SBG ist not asking the Radius server, it's still testing against the local users.

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    jörg_giencke
    What firmware version are you using? Did you upgrade your SBG3600 firmware to the latest? 

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)