Zyxel Flex 500 VPN using Active Directory Authorisation

OK so I'm pulling my hair out on this one.

Active Directory is set up correctly in the AAA Server section and is working to the extent that it allows logins to sessions on the firewall from its web interface (not that we use this functionality, but it is a good way to see if you can log in using AD credentials).

But if I try to set the same auth method up for my L2TP over IPsec VPN I get invalid username or password errors. I know the username and password are correct as I can log into a session using the same username and password on the Zyxel's web interface.

How do I debug this - it's driving me crazy - way too many days spent trying to get it to work.

If I use a local username and password the VPN connects fine, so I know it's not the config of the VPN either.

All Replies

  • First Screenshot showing an Active Directory Authorised login to the Device
    Second Screenshot showing the rejected VPN login


  • Zyxel_James (Zyxel Employee)
    edited October 2022
    Hello @RoyCruse,
    Please log in to the Web CLI and input the CLI command below to check whether the AD join was successful.
    _debug domain-auth test profile-name [profilename] username [username] password [password]

    I would like to check the packets captured between the USG FLEX 500 and the AD server; could you provide them?
    Moreover, I have contacted you through a private message asking for remote access for further checking; please check your inbox, thank you.

    James
