SSL VPN / L2TP / AD Authentication: connection fail when VTI active
Briefly:
When we add VTI into our configuration of Zywall 310, SSL VPN (SecuExtender) and L2TP clients cannot connect using AD authentication, while local authentication (on Zywall itself) works fine.
We supposed that our new VTI does not let Zywall get to DC.
We used "Configuration validation" in Object/AAA Server/Active Directory section to check this idea.
Everything is "ok" there.
Also, we captured the LDAP interchange between Zywall and DC and found that the bind is successful, and Zywall authenticates the user in AD with a password as well (for SSL VPN).
And bind is successful / authentication fails (for L2TP/PAP).
Simple things, like: disable firewall, update firmware, etc., etc. are already done.
So, we caught a complicated bug.
When we disable VTI, SSL VPN client and L2TP client connect well.
We need the remote assistance of an expert, ready to share the configuration and debug logs.
All Replies
-
Here is the test result in our lab.
Model: ZyWALL 310, USG110
FW: 4.35
VTI interfaces and VTI trunk are created on both devices.
VPN tunnels are established.
L2TP VPN and SSL VPN can be connected to ZyWALL 310 using the AD user account.
Since the issue is not able to be reproduced in our lab, could you share startup-config.conf with us to check the symptom?
I will contact you in a private message for more information.
-
Hello, Emily!
I sent you conf. in a private message.