IKEv2 VPN with AD authentication
Options
Hi
I have VPN100 where i can't the AD authentication to work. The VPN tunnel works when i use a local user, but when i use an AD user i am getting an (AUTH fail!) in the log. Both places you can test the AD connection it is ok and also when i log to local interface with an AD user i get this screen.
I have VPN100 where i can't the AD authentication to work. The VPN tunnel works when i use a local user, but when i use an AD user i am getting an (AUTH fail!) in the log. Both places you can test the AD connection it is ok and also when i log to local interface with an AD user i get this screen.
0
Comments
-
Hi @SCJF
In IKEv2 user auth it will use MSCHAPv2 with AD server.
So it means you have to configure MSCAPv2 on your VPN100. (In this test scenario, usg.com is domain name)
(1) Change host name of VPN100 and add domain name.
(2) Enable MSCHAP function in AAA setting.
(3) Setup a domain zone forward in DNS setting.
(4) Make sure your VPN100 has join to your AD domain successfully.
After setup these setting, VPN100 should able join into your AD domain.
And will able to use MSCAPv2 to authenticate your AD account.
0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 91 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 918 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 922 Nebula FAQ
- 422 Security FAQ
- 238 Switch FAQ
- 208 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight