Why does the remote VPN with AD authentication fail on the USG Flex H model?






Question :
The user may encounter an issue where they can obtain the VPN provisioning file from the firewall using AD authentication, but cannot establish an IKEv2 VPN connection with AD authentication.
Why does the remote VPN with AD authentication fail on the USG Flex H model?
The user can get the VPN provisioning file from the firewall successfully.
However, the IKEv2 VPN connection cannot be established, and the event log will show "generating IKE_AUTH response 4 [EAP/FAIL]" and "RADUIS authentication of ‘AD account’ failed.
Answer :
The possible reason is that the firewall has not been joined to the AD domain. Once the firewall successfully joins the AD domain, the IKEv2 VPN can be established normally.
Join Domain
Join Domain successfully
The VPN connection can be established.
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 117 Nebula Status and Incidents
- 6.1K Security
- 425 USG FLEX H Series
- 298 Security Ideas
- 1.6K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 274 Service & License
- 419 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight