Re: MULTIPLE DOMAINS IN REMOTE ACCESS VPN

spantazis · ‎2023-08-22

Hello,

We have a cluster of 6400 firewalls. Client based Remote access VPN is enabled for our remote users.

In the beginning, all our users belonged in one domain (on premise AD, not Azure AD). So we configured rules properly (access roles based on OUs in AD, LDAP Groups, etc) for our remote access users.

However we want users from another domain to participate in the remote access VPN configuration. We created all the previous (access roles based on OUs in the other AD, LDAP Groups, etc) but when we try to enter credentials from the 2nd domain we receive the error "Negotiation with site failed".

Regards,

Ioannis

Chris_Atkinson · ‎2023-08-23

Do you have multiple LDAP account units configured and what username format are the users attempting to authenticate with?

CCSM R77/R80/ELITE

spantazis · ‎2023-08-23

We have configured two LDAP account units. The username format is the user logon name in the AD. This works for users located in one of the LDAP account units but not working for the other one.

the_rock · ‎2023-08-23

Usually, that error negotiation with site failed would refer to IP or fqdn not responding from user's machine. Can you have them try with IP address instead of fqdn and see if same problem is there? Also, check the logs in smart console when they try connetc, it should give some clues.

Andy

Best,
Andy

Daniel_3 · ‎2023-08-23

Did you already try the configuration according to these screenshots to include all LDAP directories?

_Val_ · ‎2023-08-23

Now, show User Directories please

spantazis · ‎2023-08-25

Hi,

The configuration is the same with screenshots.

I also tried connect to the site with FQDN and IP address.

Also attached the log message from the failed connection, policy action is Key Install.

_Val_ · ‎2023-08-23

It looks like your GW is failing to authenticate the user, check VPN logs on the GW side.

Are you a member of CheckMates?

MULTIPLE DOMAINS IN REMOTE ACCESS VPN