IKEv2 VPN with AD authentication
Hi
I have VPN100 where i can't the AD authentication to work. The VPN tunnel works when i use a local user, but when i use an AD user i am getting an (AUTH fail!) in the log. Both places you can test the AD connection it is ok and also when i log to local interface with an AD user i get this screen.
I have VPN100 where i can't the AD authentication to work. The VPN tunnel works when i use a local user, but when i use an AD user i am getting an (AUTH fail!) in the log. Both places you can test the AD connection it is ok and also when i log to local interface with an AD user i get this screen.
0
Comments
-
Hi @SCJF
In IKEv2 user auth it will use MSCHAPv2 with AD server.
So it means you have to configure MSCAPv2 on your VPN100. (In this test scenario, usg.com is domain name)
(1) Change host name of VPN100 and add domain name.
(2) Enable MSCHAP function in AAA setting.
(3) Setup a domain zone forward in DNS setting.
(4) Make sure your VPN100 has join to your AD domain successfully.
After setup these setting, VPN100 should able join into your AD domain.
And will able to use MSCAPv2 to authenticate your AD account.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight