VPN login with Zyxel VPN IPSec Client (EAP Popup activated) does not work with AD User
Does anyone have a hint for me?
I have configured AD with a ZyWALL110 and the same also with a USG310. All AD User Tests work fine. Login on USG/ZW for Domain Users works great. Also Configuration Provisioning with domain user is working fine.
The Problem starts when I use EAP (EAP Popup activated) on the Zyxel Client. The Problem is the same on both, the ZyWALL110 and the USG310.
Problem 1: If I use a local fw user, VPN connection works exactly 1 time. Second and further connection attempts fail. No error in Firewall Log, but a strange error in Client log: "No user certificate available for the connexion2"
Yet, if I do an IKE Reset on the client, VPN connection works again (once).
If I enter the EAP in the client (hence, EAP Popup deactivated), login to VPN works every time!
Problem 2: If I use a domain user, the VPN will not connect at all (never).
Error on firewall: "AUTH fail!".
Error on Client: "Remote endpoint sent EAP FAILURE code"
Remark: if I enable and configure "Domain Authentication for MSChap", the first attempt with local user fails too.
Does anyone have an idea?
Dan
USG310: V4.25(AAPJ.1) / 2017-07-13 11:08:08 (please do not tell me to upgrade FW. I know, but I cannot upgrade due to another unsolved issue)
ZyWALL 110: V4.25(AAPJ.1) / 2017-07-13 11:08:08
All Replies
Hi @grokit,
EAP Popup activated => Does it mean X-Auth on ZyWALL IPSec VPN client?
We need more information to check this issue including the configuration file of USG and the tgb file for ZyWALL IPSec VPN client.
The required information will be sent in the private message.