IKEv2 VPN with AD authentication
Options
Hi
I have VPN100 where i can't the AD authentication to work. The VPN tunnel works when i use a local user, but when i use an AD user i am getting an (AUTH fail!) in the log. Both places you can test the AD connection it is ok and also when i log to local interface with an AD user i get this screen.
I have VPN100 where i can't the AD authentication to work. The VPN tunnel works when i use a local user, but when i use an AD user i am getting an (AUTH fail!) in the log. Both places you can test the AD connection it is ok and also when i log to local interface with an AD user i get this screen.
0
Comments
-
Hi @SCJF
In IKEv2 user auth it will use MSCHAPv2 with AD server.
So it means you have to configure MSCAPv2 on your VPN100. (In this test scenario, usg.com is domain name)
(1) Change host name of VPN100 and add domain name.
(2) Enable MSCHAP function in AAA setting.
(3) Setup a domain zone forward in DNS setting.
(4) Make sure your VPN100 has join to your AD domain successfully.
After setup these setting, VPN100 should able join into your AD domain.
And will able to use MSCAPv2 to authenticate your AD account.
0
Zyxel Employee
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 79 Nebula Status and Incidents
- 5.1K Security
- 70 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 885 Nebula FAQ
- 415 Security FAQ
- 227 Switch FAQ
- 198 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
