[ATP/FLEX] How to fix WAN1 for NCAS auth when WAN2 is UP but no internet connection?
Scenario:
In this scenario, the USG Flex/ATP has two WAN interfaces: WAN1 for internet access, and WAN2 for special intranet policy and static route purposes only. When WAN1 serves as the IPsec/L2TP remote VPN server and users are authenticated by NCAS (Nebula Cloud Authentication Server), NCAS authentication sometimes fails, which prevents the remote VPN from being established. You might encounter the error message "RADIUS: rejecting the user 'e-mail account'".
Answer:
The likely cause is that, in the cases where NCAS authentication fails, the Nebula firewall is attempting the NCAS authentication through the WAN2 interface, possibly because of WRR WAN trunk routing. WAN2 has no internet connection, so the NCAS authentication fails.
How to resolve it?
To resolve this problem, follow these steps:
STEP 1. Navigate to Site-wide > Configure > Firewall > Routing > WAN Load Balancing.
STEP 2. Set the back interface to WAN2.