
VPN Identity Awareness

Hi all,

I'm trying to set up VPN for a remote site utilizing Identity Awareness. The remote site doesn't have any local domain controllers, but it is connected via a site2site tunnel with another site that has the domain controllers.

When trying to connect via the End Point client the status hangs at 47% and then fails.

2019-04-04_1339.png

Here is the gateway's AD Query Status

2019-04-04_1349.png

 

Can anyone assist?

Thanks!

 

 

0 Kudos
4 Replies
Admin

Re: VPN Identity Awareness

Hi, a few questions here:

What version of gateway(s) involved here?
What version/flavor of VPN client?
Does the client encryption domain include the AD servers on the remote site?
Can the same client connect to other gateways ok?
0 Kudos

Re: VPN Identity Awareness

What version of gateway(s) involved here?  Both gateways are on R77.30
What version/flavor of VPN client?

2019-04-05_1034.png
Does the client encryption domain include the AD servers on the remote site? So the AD servers sit on a 10.1.1.x/24 network.  That network is defined in the encryption domain of the other gateway but not the encryption domain of the gateway I'm trying to connect to.  Do I need to add that network to the encryption domain of the gateway I am connecting to?
Can the same client connect to other gateways ok? Yes, I can connect to other gateways with the same client.

0 Kudos
Admin

Re: VPN Identity Awareness

The gateway you're connecting to shouldn't have the remote AD server's network as part of its encryption domain.
That said, I think both gateways need to be part of the same RemoteAccess community.
Is that the case here or not?
0 Kudos

Re: VPN Identity Awareness

The gateway that I am connecting to does not have the AD server network in its encryption domain, and both gateways are part of the same RemoteAccess Community.

0 Kudos