[ATP/FLEX] How to fix WAN1 for NCAS auth when WAN2 is UP but has no internet connection?
Scenario:
In this scenario, the USG Flex/ATP has two WAN interfaces: WAN1 for internet access, and WAN2 for special intranet policy and static route purposes only. When WAN1 is used as the IPsec/L2TP remote VPN server with authentication by NCAS (Nebula Cloud Authentication Server), NCAS authentication sometimes fails, which prevents the remote VPN from being established. You might encounter the error message "RADIUS: rejecting the user 'e-mail account'".
Answer:
A possible reason is that, in the failing cases, the Nebula firewall attempts NCAS authentication through the WAN2 interface, possibly due to WRR WAN trunk routing. WAN2 has no internet connection, so the NCAS authentication fails.
How to resolve it?
To resolve this problem, follow these steps:
STEP1. Navigate to Site-wide > Configure > Firewall > Routing > WAN Load Balancing.
STEP2. Set the backup interface to WAN2.
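
A simplified model of the failure and the fix described above, added here as an illustration; it is not Zyxel code and not the firewall's actual scheduler. The equal weights, the link-state-only health check and all function names are assumptions.

```python
from itertools import cycle

# Constructed state matching the page's scenario: both links are up,
# but only WAN1 has an internet path to the cloud authentication server.
LINKS = {
    "WAN1": {"link_up": True, "internet": True, "weight": 1},
    "WAN2": {"link_up": True, "internet": False, "weight": 1},
}

def wrr_picker(members, links=LINKS):
    """Weighted round-robin over trunk members whose link is up.
    Link state is the only health signal in this model (assumption),
    so a link that is up without internet stays in the rotation."""
    order = [m for m in members if links[m]["link_up"]
             for _ in range(links[m]["weight"])]
    ring = cycle(order)
    return lambda: next(ring)

def backup_picker(active, backup, links=LINKS):
    """The active member carries all traffic; the backup member is
    used only while the active link is down."""
    return lambda: active if links[active]["link_up"] else backup

def failed_auths(pick_egress, attempts, links=LINKS):
    """Count auth requests that leave through a link with no internet path."""
    return sum(not links[pick_egress()]["internet"] for _ in range(attempts))

if __name__ == "__main__":
    # Both WANs active in the trunk: some auth requests go out via WAN2.
    print("WRR, WAN1+WAN2 active:",
          failed_auths(wrr_picker(["WAN1", "WAN2"]), 10), "of 10 fail")
    # WAN2 set as backup: every request uses WAN1 while WAN1 is up.
    print("WAN2 as backup:",
          failed_auths(backup_picker("WAN1", "WAN2"), 10), "of 10 fail")
```

In this model the failures are intermittent because only the requests scheduled onto WAN2 are lost, which matches the "there are instances where" symptom in the scenario.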