USG Flex 200 - L2TP over IPsec with Active Directory group
Hello there
My USG Flex 200 is running firmware 5.31.
Today I created my L2TP settings with IPsec from the wizard.
VPN Gateway & VPN Connection work fine when I change the L2TP settings to 'local'.
However, when I change to AD, it's not working.
My test from 'AAA server' works fine.
And my user/group - when the user is not in the group
And it says 'OK' when I deploy my test user in the group on the Active Directory server.
So at this point, everything should be good.
So these are my settings in L2TP.
I have tried to change "ALLOWED USERS" to Any, but it's still the same error.
The Windows error is code 619.
And the ZyXEL logs show this.
It says RADIUS auth-type-reject for my login.
But I'm not using RADIUS?
Is this some kind of bug in the firmware?
If I try an unknown username that does not exist on the server, the RADIUS line will not show up.
It only shows up when the user is on the server.
I have set this up on many USG 100-300, but not on a Flex version.
Is there a bug in Flex, or did I miss something?
Accepted Solution
Hi @syraarpe, the local ID should be the IP address of USG FLEX 200. Besides, select "Optional Encryption" and "PAP" on Windows.
All Replies
Hi @syraarpe, on USG FLEX 500 (FW: 5.31), L2TP VPN is able to be established using an AD group user. Here are the configuration and test result for your reference.
To check the symptom on your device, please send the remote access of USG FLEX 200 and one AD account/password to me in a private message.
User on AD server: test1
Group user on AD server: AD_test_group
Group user name on USG FLEX: vpn_test