IKEv2 VPN with AD authentication problem

nielsscheldeman Posts: 31
First Comment Friend Collector First Anniversary
 Freshman Member
edited March 8 in Security


I've set up an IKEv2 VPN and with local user on FLEX200, this connects fine from Secuextender. Now I want to integrate with AD, so created a user on domain controller with read rights on the security group

AAA Server Active directory setup done, configuration validation with user says OK

Created Authentication method (testauth) and added the AD Profile

Created ext-group-user in Object (TEST_AD-Users), filled in Group Identifier with right security group from AD and entered a test username: OK so far

Changed my IKEv2 Gateway EAP:

  • AAA Method: testauth
  • Allowed User: TEST_AD-USers

Now I try to connect in tunnel from Secuextender, but I get an EAP authentication failed error

Filled username in as: username also tried [email protected] and username@domain.

What could be wrong?

Accepted Solution

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 582
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 500 Comments
     Zyxel Employee
    edited March 9 Answer ✓

    Hi @nielsscheldeman ,

    Greeting Forum.

    Please kindly check if you have enable MSCHAPv2 at AD settings.

    If the settings are fine. Please share configuration files and packets betwee AD/Firewall by private message

    Thank you

All Replies

Security Highlight