IKEv2 VPN with AD authentication

SCJF Posts: 1
edited April 2021 in Security

I have VPN100 where i can't the AD authentication to work. The VPN tunnel works when i use a local user, but when i use an AD user i am getting an (AUTH fail!) in the log. Both places you can test the AD connection it is ok and also when i log to local interface with an AD user i get this screen.


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @SCJF

    In IKEv2 user auth it will use MSCHAPv2 with AD server.

    So it means you have to configure MSCAPv2 on your VPN100. (In this test scenario, usg.com is domain name) 

    (1) Change host name of VPN100 and add domain name.

    (2) Enable MSCHAP function in AAA setting.

    (3) Setup a domain zone forward in DNS setting.

    (4) Make sure your VPN100 has join to your AD domain successfully.

    After setup these setting, VPN100 should able join into your AD domain.

    And will able to use MSCAPv2 to authenticate your AD account.

Security Highlight