https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190550#M4615 <P>Hi,</P><P>The configuration is the same with screenshots.</P><P>I also tried connect to the site with FQDN and IP address.</P><P>Also attached the log message from the failed connection, policy action is Key Install.</P> Fri, 25 Aug 2023 08:02:55 GMT spantazis 2023-08-25T08:02:55Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190237#M4608 <P>Hello,</P><P>We have a cluster of 6400 firewalls. Client based Remote access VPN is enabled for our remote users.</P><P>In the beginning, all our users belonged in one domain (on premise AD, not Azure AD). So we configured rules properly (access roles based on OUs in AD, LDAP Groups, etc) for our remote access users.</P><P>However we want users from another domain to participate in the remote access VPN configuration. We created all the previous (access roles based on OUs in the other AD, LDAP Groups, etc) but when we try to enter credentials from the 2nd domain we receive the error "Negotiation with site failed".&nbsp;</P><P>Regards,</P><P>Ioannis</P> Wed, 23 Aug 2023 06:05:44 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190237#M4608 spantazis 2023-08-23T06:05:44Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190276#M4609 <P>Do you have multiple LDAP account units configured and what username format are the users attempting to authenticate with?</P> Wed, 23 Aug 2023 12:45:32 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190276#M4609 Chris_Atkinson 2023-08-23T12:45:32Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190283#M4610 <P>We have configured two LDAP account units. The username format is the user logon name in the AD. This works for users located in one of the LDAP account units but not working for the other one.&nbsp;</P> Wed, 23 Aug 2023 13:08:22 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190283#M4610 spantazis 2023-08-23T13:08:22Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190286#M4611 <P>Usually, that error negotiation with site failed would refer to IP or fqdn not responding from user's machine. Can you have them try with IP address instead of fqdn and see if same problem is there? Also, check the logs in smart console when they try connetc, it should give some clues.</P> <P>Andy</P> Wed, 23 Aug 2023 13:17:50 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190286#M4611 the_rock 2023-08-23T13:17:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190296#M4612 <P>Did you already try the configuration according to these screenshots to include all LDAP directories?&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-08-23 153655.png" style="width: 910px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22181i0537C82F77E6EEAB/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2023-08-23 153655.png" alt="Screenshot 2023-08-23 153655.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2023-08-23 153819.png" style="width: 447px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22182i5FD09D0E1478926F/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2023-08-23 153819.png" alt="Screenshot 2023-08-23 153819.png" /></span></P><P>&nbsp;</P> Wed, 23 Aug 2023 13:40:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190296#M4612 Daniel_3 2023-08-23T13:40:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190297#M4613 <P>It looks like your GW is failing to authenticate the user, check VPN logs on the GW side.</P> Wed, 23 Aug 2023 13:43:43 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190297#M4613 _Val_ 2023-08-23T13:43:43Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190298#M4614 <P>Now, show User Directories please</P> Wed, 23 Aug 2023 13:44:31 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190298#M4614 _Val_ 2023-08-23T13:44:31Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190550#M4615 <P>Hi,</P><P>The configuration is the same with screenshots.</P><P>I also tried connect to the site with FQDN and IP address.</P><P>Also attached the log message from the failed connection, policy action is Key Install.</P> Fri, 25 Aug 2023 08:02:55 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/MULTIPLE-DOMAINS-IN-REMOTE-ACCESS-VPN/m-p/190550#M4615 spantazis 2023-08-25T08:02:55Z