Access an AD server for AD authentication when the AD server is in a tunnel

JeroenSoree
JeroenSoree Posts: 9  Freshman Member
First Comment
edited April 2021 in Security

Hi,

We have a USG 110 working great with a tunnel form the office to our Datacenter. No problem there. Now we want AD authentication on SSL VPN via AD but our USG is not able to see the domain contollers in our DC. Ping from the USG to the DC also does not work, Tracaroute goes onto the internet. Our DC's are in the datacenter and I would like to set up ad as an AAA Server. From a client in the office the DC's are reachable.

Lost a bit. Any idea's?

Jeroen

All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    edited April 2020

    AD domain host can not see the USG?

    Do you enable MSchap V2 on AD? Try to disable it.

  • JeroenSoree
    JeroenSoree Posts: 9  Freshman Member
    First Comment

    Hi,

    Tried it with and without. Problem is the USG does not see the DC when the DC is on the other side of our tunnel to the Datacenter. The USG in in our office, the Datacenter is miles away via a tunnel.

  • zyman2008
    zyman2008 Posts: 219  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary

    Hi,

    I think that's the old problem of ZyWALL routing of policy based IPSec VPN.

    Since policy based IPSec without an interface bind with the tunnel.

    Which interface IP address will be to connect to the remote services ?

    So the right solution is using route based IPSec VPN with VTI interface.


    Or a very trick way if you keep using the policy based IPSec VPN,

    For example,

    The remote server IP address is 10.10.10.1

    The local policy of the IPSec VPN is the lan1 network.

    And you want ZyWALL to connect to 10.10.10.1 with lan1 interface ip address

    Add a static route,

    Destination: 10.10.10.1/32, next-hop: interface lan1


    Then ZyWALL will using lan1 interface IP address as the source IP to connect to the remote services.

Security Highlight