Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Advisor
Jump to solution

Negotiation with Site failed - SAML

Mgmt R81.20

I have setup Azure Identity provider for SAML authentication .

When I try to connect i get prompted for Azure username/ password, then do my 2FA, then get redirected to a page that says VPN connection successful .

2023-05-12_9-16-24.jpg

However on the actual client i see that the connection failed with the following message

"Negotiation with site failed"

2023-05-12_8-43-20.jpg

I also checked azure sign logs and it shows a successful sign-on ,

Any ideas what could be the issue?

I am using latest E87.30 vpn client software

 

0 Kudos
1 Solution

Accepted Solutions
4 Replies
the_rock
Legend
Legend

Personally, I would collect client logs and have a look, as well as below from gateway:

1) First, please set up the client side debug. (On the workstation)
    Right click on the client icon --> VPN Options --> Advanced --> enable logging checkbox --> click close.
    Enable extended logging instead of basic if there is an option. 
 
2) Initiate VPN debug on the FW:
# rm $FWDIR/log/ike.elg.*
# rm $FWDIR/log/ikev2.xmll.*
# rm $FWDIR/log/iked.elg.*
# rm $FWDIR/log/vpnd.elg.*
# rm $FWDIR/log/legacy_ike.*
# rm $FWDIR/log/legacy_ikev2.xmll.*
# > $FWDIR/log/ike.elg
# > $FWDIR/log/ikev2.xmll
# > $FWDIR/log/iked.elg
# > $FWDIR/log/vpnd.elg
# > $FWDIR/log/legacy_ike.elg
# > $FWDIR/log/legacy_ikev2.xmll
# vpn debug trunc
# vpn debug on TDERROR_ALL_ALL=5
 
3) <<<<Replicate the issue>>>>>
 
4) Stop VPN debug on the FW:
# vpn debug off
# vpn debug ikeoff
 
5) Right click on the client icon --> VPN Options --> Advanced --> collect logs --> click close.

0 Kudos
the_rock
Legend
Legend

Hey @nflnetwork29 ...any luck with this?

Andy

0 Kudos
nflnetwork29
Advisor
the_rock
Legend
Legend

Excellent, thanks for sharing! 👍

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events