[ATP/FLEX] How to fix WAN1 for NCAS auth when WAN2 is UP but has no internet connection?
Scenario:
In this scenario, the USG Flex/ATP has two WAN interfaces: WAN1 for internet access, and WAN2 for special intranet policy and static route purposes only. When WAN1 serves as the IPsec/L2TP remote VPN server and users are authenticated by NCAS (Nebula Cloud Authentication Server), NCAS authentication sometimes fails, which prevents the remote VPN from being established. You might encounter the error message "RADIUS: rejecting the user 'e-mail account'".
Answer:
A possible cause is that, in the cases where NCAS authentication fails, the Nebula firewall attempts the NCAS authentication over the WAN2 interface, possibly due to WRR WAN trunk routing. WAN2 has no internet connection, so the NCAS authentication fails.
How to resolve it?
To resolve this problem, follow these steps:
STEP1. Navigate to Site-wide > Configure > Firewall > Routing > WAN Load Balancing.
STEP2. Set the backup interface to WAN2.