USG60W - L2TP and Microsoft Azure

Antares3000 Posts: 19  Freshman Member
Hi. I've configured a VPN L2TP IPSec in a USG60W. Now I'm using local users for authentication. Everything works fine.

I would like to change local authentication to use the users of a specific domain of a Microsoft Azure tenant.

Is there a guide for configuring it? USG side and Azure side.



Accepted Solution

  • Antares3000
    Antares3000 Posts: 19  Freshman Member
    Accepted Answer
    I succeeded in configuring LDAP & AD AAA Server and Auth Method. Had to make a lot of tests but it works.

All Replies

  • Antares3000
    Antares3000 Posts: 19  Freshman Member
    I already read that discussion.

    I used Azure AD DS to issue LDAPS. On the Azure side everything is clear and OK. I did like here:

    However, the Zyxel side is not clear. I don't know exactly which parameters to set. I don't know if a client certificate for LDAPS is needed or how to configure it in the USG. Isn't there a guide for configuring LDAPS step by step in detail?
  • Blabababa
    Blabababa Posts: 139  Ally Member
    Can you share some tips with us? I have a similar problem when deploying this as well. Thanks.
  • Antares3000
    Antares3000 Posts: 19  Freshman Member
    Follow the guide I posted. You will be able to enable LDAPS without problem. Then, download an LDAP viewer. For example In this way you will be able to check if everything works fine with your LDAPS. The only thing that is not clearly explained is that you have to be able to reach LDAPS. So you have to open port 636 on the network adapter of your public IP in Azure or create a VPN connection to the Azure infrastructure. The first solution is not safe... but you can use it for test purposes. After you have done it, identify the right attribute to use in your firewall. You will know that the attributes are right when the test is OK. This is how it works briefly... however, if you need details for solving a specific problem, please describe the specific problem.
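
An added example, not part of the original posts: once an LDAP viewer can read a user entry over LDAPS, this Python code shows one way to find which directory attribute matches the login name a VPN user will type, which is the attribute to set on the firewall. It assumes the entry was exported as LDIF; the sample entry, the domain `example.com` and the list of candidate attributes are constructed for illustration.

```python
import base64

# Constructed sample: an LDIF export of one user entry, as an LDAP viewer or
# ldapsearch would produce it. All names and values here are made up.
SAMPLE_LDIF = """\
dn: CN=Mario Rossi,OU=AADDC Users,DC=example,DC=com
cn: Mario Rossi
sAMAccountName: mrossi
userPrincipalName: mrossi@example.
 com
displayName:: TWFyaW8gUm9zc2k=
mail: mario.rossi@example.com
"""

CANDIDATES = ("sAMAccountName", "userPrincipalName", "cn", "uid", "mail")


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]} (RFC 2849 subset)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name, []).append(value)
    return entry


def matching_login_attributes(entry, typed_login, candidates=CANDIDATES):
    """Return candidate attributes whose value equals what the user types."""
    wanted = typed_login.casefold()            # compare case-insensitively
    lookup = {k.casefold(): v for k, v in entry.items()}
    return [a for a in candidates
            if any(v.casefold() == wanted for v in lookup.get(a.casefold(), []))]


if __name__ == "__main__":
    user = parse_ldif_entry(SAMPLE_LDIF)
    for login in ("mrossi", "mrossi@example.com", "Mario Rossi"):
        print(login, "->", matching_login_attributes(user, login))
```

If the list comes back empty for the login format your users type, the firewall test will fail with that attribute no matter how the rest of the AAA server is configured.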
