NAT - Secondary RDP Port - AzureAD vs Local logins

Using USG210-4.65(AAPI.0)
Trying to configure NAT for a secondary RDP connection port. Having issues connecting with an AzureAD account but not a local account. Internal LAN RDP works just fine with both local and AzureAD accounts, but I can't get both to work through NAT. The local account will connect and log in. The AzureAD account will connect but login fails. Any ideas?

All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    edited July 2021
    Do you authenticate the account by LDAPS? Zyxel devices don't support SAML (Azure AD) but do support LDAPS (Azure AD DS), so you need to use Azure AD DS integrated with Azure AD.

    I am not sure if you mean you NAT to an internal server with an RDP service, and login fails if authenticated by an AzureAD account?
    By "local account", do you mean it's from a local AD?

    Regarding Azure AD, you can reference this example:
    https://community.zyxel.com/en/discussion/10030/use-azure-active-directory-to-authenicated-vpn-access
  • JeremyHowes
    JeremyHowes Posts: 2
    edited July 2021
    Thanks Jeremy for the feedback. We only use AzureAD as we have no local servers. When I say local user, it's the local account on the PC we are trying to connect to. I upgraded to 4.65 because of the security advisory from Zyxel.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited July 2021
    @JeremyHowes
    Can you collect packets on the WAN and on the LAN where the PC is located, setting the AD's IP as the Host IP while reproducing the issue, then private message the capture to me for investigation.
    EX:
