Access an AD server for AD authentication when the AD server is in a tunnel
Hi,
We have a USG 110 working great with a tunnel form the office to our Datacenter. No problem there. Now we want AD authentication on SSL VPN via AD but our USG is not able to see the domain contollers in our DC. Ping from the USG to the DC also does not work, Tracaroute goes onto the internet. Our DC's are in the datacenter and I would like to set up ad as an AAA Server. From a client in the office the DC's are reachable.
Lost a bit. Any idea's?
Jeroen
All Replies
-
AD domain host can not see the USG?
Do you enable MSchap V2 on AD? Try to disable it.
0 -
Hi,
Tried it with and without. Problem is the USG does not see the DC when the DC is on the other side of our tunnel to the Datacenter. The USG in in our office, the Datacenter is miles away via a tunnel.
0 -
Hi,
I think that's the old problem of ZyWALL routing of policy based IPSec VPN.
Since policy based IPSec without an interface bind with the tunnel.
Which interface IP address will be to connect to the remote services ?
So the right solution is using route based IPSec VPN with VTI interface.
Or a very trick way if you keep using the policy based IPSec VPN,
For example,
The remote server IP address is 10.10.10.1
The local policy of the IPSec VPN is the lan1 network.
And you want ZyWALL to connect to 10.10.10.1 with lan1 interface ip address
Add a static route,
Destination: 10.10.10.1/32, next-hop: interface lan1
Then ZyWALL will using lan1 interface IP address as the source IP to connect to the remote services.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight