AD users not able to connect to SSL_VPN, Local users connect correctly. Auth Method set correctly.

ThysmithThysmith Member Posts: 11
in ZyWALL VPN Series
Hi all, I have checked through the form but nothing has seemed to explain what is going wrong. Here is the log to start:
[ 2018/11/19 12:45:12 ][SecuExtender Agent][DETAIL]  Build Datetime: Dec 22 2016/15:25:36

This just occurs with AD Users which validate properly within the GUI. Local users connect normally without issue. 

Auth Method is setup with Local and Group AD

Router Log just shows this 
1
2018-11-20 11:51:25
notice
User
User ******(MAC=-) from http/https has logged out Device


2
2018-11-20 11:51:25
notice
SSL VPN
User ******* from http/https is connecting SSL tunnel.

3
2018-11-20 11:51:25
notice
User
User ******(MAC=-) from http/https has logged in Device
This is a USG 40 running 4.32. Something similar is also occurring on a USG 20 - VPN

Server is 2012 R2 in both cases. 
· Share on Facebook

All Replies

  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 571  mod

    Hi @Thysmith,

     

    AD user is able to establish SSL VPN to USG40.


    Make sure ad-users is in selected user in SSL VPN policy.


    If you’re using the default Authentication Method rule, make sure “group ad” is on the list.


    If you create another rule(ex: new_auth) in Authentication Method with “group ad”, remember to select the new created rule (ex: new_auth) in CONFIGURATION > System > WWW > Service Control > Authentication.


    The latest firmware is sent to you in the private message. 
    If AD user is still unable to build SSL VPN, please feel free to let me know and send the remote access information to me via private message.
    · Share on Facebook
  • ThysmithThysmith Member Posts: 11
    Hi Emily, Appears the Firmware update you sent me resolved the issue! Thank you so much!
    · Share on Facebook
  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 571  mod

    Good to hear the issue is resolved.   =)
    · Share on Facebook
  • chadtedchadted Member Posts: 1
    I'm also having a similar issue, running firmware V4.32(ABAQ.0) on USG20-VPN
    Is there a newer firmware?\

    · Share on Facebook
  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 571  mod

    The firmware is sent to you via private message.
    · Share on Facebook
  • ThysmithThysmith Member Posts: 11
    Hi Emily, Some of my users are still having quite a bit issues connecting. The new firmware you provided did have good results but it is still hit and miss, any other suggestions?
    · Share on Facebook
  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 857  mod
    @Thysmith
    Regarding to your description, some of users faced the issue, others did not.
    You may check issue account on device.
    Go to AAA server, and press test.

    If the account is in the AD group, the result will show as below

    Or you need to make sure the account already added in your own AD server.
    Charlie
    · Share on Facebook
  • ThysmithThysmith Member Posts: 11
    Haha, that is definitely not the issue.

    What I am seeing is this:

    I am actually now trying it with a Local User Account (Nick and a Domain account NickW)

    They both show as logged in on this page of the router. 

    BUT

    Aint Nobody home. 

    I get this but nothing else in the logs 


    (hope you can see that)
    · Share on Facebook
  • ThysmithThysmith Member Posts: 11
    edited January 29, 2019 12:29PM
    It Appears that 4.33 dropped today and I noticed SE 4.0.3.0. So far things worked right after reboot, but I will test further and report back. 
    · Share on Facebook
Sign In to comment.