USG Flex 200 - L2tp over IPsec with Active Directory group

syraarpe Posts: 7
edited September 2022 in Security
Hello there

My USG Flex 200 is running firmware 5.31.

Today I created my L2TP-over-IPsec settings from the wizard.

VPN Gateway & VPN Connection work fine when I change the L2TP settings to 'local'.

However, when I change to AD, it's not working.

My test from 'AAA server' works fine.



And my user/group, when the user is not in the group:

And it says 'OK' when I deploy my test user in the group on the Active Directory server.


So at this point, everything should be good.

So my settings in L2TP are these:

I have tried to change "ALLOWED USERS" to Any, but it's still the same error.

The Windows error is code 619.

And the ZyXEL logs show this:

It says RADIUS auth-type-reject on my login.
But I'm not using RADIUS?

Is this some kind of bug in the firmware?

If I try an unknown username that does not exist on the server, the RADIUS line does not show up.
It only shows up when the user exists on the server.

I have set this up on many USG 100-300s, but not on a Flex version.
Is there a bug in Flex, or did I miss something?

Accepted Solution

  • Zyxel_Emily Posts: 1,396  Zyxel Employee
    Answer ✓
    The local ID should be the IP address of USG FLEX 200.
    Besides, select "Optional Encryption" and "PAP" on Windows.
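As an added illustration (not from the thread or from Zyxel), this PowerShell creates the Windows client profile with the two settings the accepted answer names, PAP and Optional Encryption, and then verifies them. The connection name, server address and pre-shared key are assumed placeholders; the local ID setting itself lives on the USG side and is not shown here.

```powershell
# Added example, not part of the original thread.
# Placeholders (assumptions): connection name and the USG FLEX 200 WAN address.
$Name   = 'USG-Flex-L2TP'
$Server = '203.0.113.10'   # placeholder: the USG WAN IP, i.e. the IPsec local ID the answer asks for

# Prompt for the pre-shared key instead of hard-coding it in the script.
$PskSecure = Read-Host -AsSecureString -Prompt 'L2TP/IPsec pre-shared key'
$Psk = [System.Net.NetworkCredential]::new('', $PskSecure).Password

# L2TP over IPsec with PSK, PAP authentication, "Optional Encryption" (MPPE level).
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $Psk -AuthenticationMethod Pap -EncryptionLevel Optional -Force

# Verify the profile carries the settings from the answer.
$c = Get-VpnConnection -Name $Name
$c | Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel

# PAP sends the password in clear at the PPP layer; it is acceptable here only
# because PPP runs inside the IPsec tunnel. Refuse a profile that is not L2TP.
if ($c.TunnelType -ne 'L2tp' -or $c.AuthenticationMethod -notcontains 'Pap') {
    throw "Profile '$Name' does not match the expected L2TP/IPsec + PAP settings"
}
```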

All Replies

  • Zyxel_Emily Posts: 1,396  Zyxel Employee
    On USG FLEX 500 (FW: 5.31), L2TP VPN can be established using an AD group user. Here are the configuration and test result for your reference.
    To check the symptom on your device, please send the remote access of USG FLEX 200 and one AD account/password to me in a private message.  :)

    User on AD server: test1
    Group user on AD server: AD_test_group
    Group user name on USG FLEX: vpn_test
