Why does the remote VPN with AD authentication fail on the USG Flex H model?

Zyxel_Jeff Posts: 1,337  Zyxel Employee
edited June 27 in VPN

Question:

The user may encounter an issue where they can obtain the VPN provisioning file from the firewall using AD authentication, but cannot establish an IKEv2 VPN connection with AD authentication.

Why does the remote VPN with AD authentication fail on the USG Flex H model?

The user can get the VPN provisioning file from the firewall successfully.

However, the IKEv2 VPN connection cannot be established, and the event log shows "generating IKE_AUTH response 4 [EAP/FAIL]" and "RADIUS authentication of 'AD account' failed".

Answer:

A possible cause is that the firewall has not been joined to the AD domain. Once the firewall has successfully joined the AD domain, the IKEv2 VPN connection can be established normally.

Join Domain

Join Domain successfully

The VPN connection can be established.
