vpn client and nat server
All Replies
-
but to connect from the remote client do I have to use Ipsec VPN client and then to make join to domani?
0 -
Do you mean that you want to build up a vpn tunnel to the device with the AD server users to login?
Can you describe more details about your scenario?
0 -
this scenario
can i use secure extender for connect ?
0 -
Hi @ antonellobellisario
Yes, it can use SecuExtender to build up SSL VPN tunnel to login USG AD users.
Below is the example settings
Go to Configuration → Object → AAA Server > select the already created "AD" profile and click Edit.
At the bottom of the settings, you can test your account on "Configuration Validation" field.To make the USG look in the Active Directory
Go to the Configuration→ Object→ Auth. Method> Edit the default rule.
Add group ad in to the settings
Create a ext-group-user
Go to Configuration→ Object→ User/Group
Setup SSL VPN settings
Go to Configuration > VPN > SSL VPN > Click “Add” to add a new rule
Then can use SecuExtender to build SSL VPN tunnel to the device
Here is the link of related discussion article on forum
https://businessforum.zyxel.com/discussion/1002/ad-validated-users-ssl-vpn
1 -
If you're just trying to VPN into a domain managed LAN, that LAN is using the domain server for DNS as well, correct? If so, can't you just do something like this: https://businessforum.zyxel.com/discussion/4207/how-to-force-dns-query-pass-into-ssl-vpn-tunnel
To force the remote system's DNS through the VPN to the domain server? Then you should be able to join the domain and resolve NetBIOS names, etc.0 -
when I try the useri see the message
"vpn" does not belong to this group.what am I doing wrong?0 -
It means that the user is not belong to the group on your AD server,
It need to add the user into the group.
Here is link of related setting on AD server
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=014994&lang=EN
0 -
the configuration is correct but always this message:
"users" does not belong to this group.
0 -
Can you have a check which organization is the “vpn “ user belongs to?
If the user is under different organization, it will not detect the user.
Here is the related example,
Add a user named “usera” in below domain “USG.com”,
And the “usera” is under the organization “CSO” and it belongs to the group “CSO-test
When setup the ext-group-user setting on USG
If set group identifier as CN=test_group,CN=Users,DC=usg,DC=com,
The Test Status will display “usera” does not belong to this group”.
Since the “usera” is not in the organization “Users”, it is in the organization “CSO”
The identifier should setup as “CN=CSO-test,OU=CSO,DC=usg,DC=com
Then check the Test Status on the device, it will display “ OK “.
1
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight