SSL VPN / L2TP / AD Authentication: connection fail when VTI active
Briefly:
When we add VTI into our configuration of Zywall 310, SSL VPN (SecuExtender) and L2TP clients cannot connect using AD authentication, while local authentication (on Zywall itself) works fine.
We supposed that our new VTI does not let Zywall get to DC.
We used "Configuration validation" in Object/AAA Server/Active Directory section to check this idea.
Everything is "ok" there.
Also we captured LDAP interchange between Zywall and DC and found that bind is successful, Zywall authenticates user in AD with a password as well (for SSL VPN).
And bind is successful / authentication fails (for L2TP/PAP).
Simple things, like: disable firewall, update firmware, etc., etc. are already done.
So, we caught a complicated bug.
When we disable VTI, SSL VPN client and L2TP client connect well.
We need a remote assistance of an expert, ready to share the configuration and debug logs.
All Replies
-
Here is the test result in our lab.
Model: ZyWALL 310, USG110
FW: 4.35
VTI interfaces and VTI trunk are created on both devices.
VPN tunnels are established.
L2TP VPN and SSL VPN can be connected to ZyWALL 310 using the AD user account.
Since the issue is not able to be reproduced in our lab, could you share startup-config.conf with us to check the symptom?
I will contact you in a private message for more information.
0 -
Hello, Emily!
I sent you the conf. in a private message.