IKEv2-Connector

StefanD
StefanD Posts: 2  Freshman Member
edited April 2021 in Security

I'm trying to establish a VPN connection via IKEv2, and the authentication should be done by an AD.


In the USG, an AAAServer (ad) was created.

Within Auth.method: created "auth_ad_administrators" and stored method: ad.

Within the (ad), users are also shown during "test", which works.

Within User/Group: ad-user_administrators; here too, "testuser" is found during the test.


If I now set, in the configuration: VPN_Gateway

under Phase1, extended_Authentication_Protocol

Server_Mode: auth_ad_administrators

Allow_User: select ad-user_administrators.


AUTH fail always comes up!


What else am I doing wrong?

On the windows_server, I see no entry in the "event log".

Have you experienced this? How did you implement this?

All Replies

  • StefanD
    StefanD Posts: 2  Freshman Member

    Solution:

    RADIUS established.

    Divert all connectors to the RADIUS.

    Done.

    IKEv2 on the client now logs on to usg110, which forwards the authorization to the RADIUS, which then releases the network access.


    Have a nice weekend

  • warwickt
    warwickt Posts: 111  Ally Member

    Hi StefanD, nice one. Thanks for the tip.

    Warwick

    Hong Kong
