IKEv2 and 2012r2 authentication
Hello guys, I have some questions/problems about IKEv2 and auth. I will start with this info:
- Active Directory (and LDAP too) authentication works perfectly from the AAA Server page; the server is a 2012 R2 64
- L2TP/IPsec works with Active Directory users
- I use the VPN client from Windows (7 or 10); both work
- Firewall USG 1100 and 4.31(AAPK.0) firmware (latest)
Then, following this guide http://onesecurity.zyxel.com/img/uploads/Next-Gen_IKEv2_VPN_Server_Role_CR.pdf , I created an IKEv2 tunnel, a valid signed certificate and everything necessary that it describes.
In Extended Authentication Protocol of the IKEv2 tunnel I've selected EAP Server mode, with the Active Directory AAA method and "any" for allowed users.
Under these conditions nothing can connect to the VPN, that is, no Active Directory users, because if I use a local USG user (like Admin) it works perfectly.
Is there a bug with AD auth and IKEv2?
Any ideas?
Many thanks
All Replies
-
Hi @another_user,
The USG1100 must join an AD domain.
In the following example, the domain name is usg.com.
Go to CONFIGURATION > System > Host Name and enter the domain name.
On the AD server, usg1100 should appear in Computers.
Go to CONFIGURATION > System > DNS > Address/PTR Record and add a record.
Go to AAA Server > Active Directory > AD object. Configure Domain Authentication for MSChap.
The user in this field should belong to “domain admin” on your AD server.
Result: IKEv2 is established with AD account successfully.
0 -
very useful, now it works!
many thanks!!
0
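A way to confirm, from the AD side, the prerequisites listed in the reply above (computer object, address record, group membership of the account used for domain authentication). This is an added example, not part of the thread; `usg1100` and `usg.com` are the thread's example names, the function name is hypothetical, and the `BindUser` default is a placeholder for the account entered in the USG's AD object.

```powershell
# Added example, not from the thread. Run on a domain-joined Windows host
# with the ActiveDirectory (RSAT) and DnsClient modules.
# 'usg1100' / 'usg.com' are the thread's example names; the BindUser default
# is a placeholder for the account entered in the USG's AD object.
function Test-UsgAdPrerequisite {
    param(
        [string]$DeviceName = 'usg1100',
        [string]$Domain     = 'usg.com',
        [string]$BindUser   = 'PLACEHOLDER-account'
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # 1. Domain join: the firewall should exist as a computer object.
    $computer = Get-ADComputer -Filter "Name -eq '$DeviceName'" -Properties whenCreated

    # 2. Address record: the firewall's FQDN should resolve to an A record.
    $aRecord = Resolve-DnsName -Name "$DeviceName.$Domain" -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }

    # 3. Account used for domain authentication: is it in Domain Admins?
    #    Matched by the well-known RID 512 so localized group names also work.
    $isDomainAdmin = $false
    try {
        $isDomainAdmin = [bool](Get-ADPrincipalGroupMembership -Identity $BindUser |
            Where-Object { $_.SID.Value -like '*-512' })
    } catch {
        Write-Warning "Could not look up '$BindUser': $($_.Exception.Message)"
    }

    # One object per run, so the result can be logged or compared later.
    [pscustomobject]@{
        ComputerObjectFound = [bool]$computer
        ComputerCreated     = $computer.whenCreated
        ARecord             = ($aRecord.IPAddress -join ', ')
        BindUserDomainAdmin = $isDomainAdmin
    }
}

Test-UsgAdPrerequisite | Format-List
```

If `ComputerObjectFound` is false or `ARecord` is empty, the corresponding step from the reply has not taken effect on the AD side.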