Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 39 subscribers
  • Views 776 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Use head office AD for remote office XG user portal authentication

Paul Warriner

Head office XG authenticates all AD user portal accounts without issue. Attempting to get remote XG's to also allow all head office AD accounts to utilize the remote's user portal for login purposes. 

RO Lan 192.168.6.x/24 -> RO Lan 172.30.255.6 -> HO Lan 172.30.255.20 -> HO Lan 192.168.20.x/24

RO Log viewer:

User "xxxx" failed to login to MyAccount through AD,Local authentication mechanism because of wrong credentials 

STAS log for a remote:

MSG [0x1684] 3/26/2020 04:32:00 : SSO_client_update_heartbeat: cr_node:192.168.6.1 is_active:0
DEBUG [0x17dc] 3/26/2020 04:32:00 : net_recvfrom: 9 bytes received
DEBUG [0x17dc] 3/26/2020 04:32:00 : SSO_server_RecvReqCR: 9 bytes received
DEBUG [0x17dc] 3/26/2020 04:32:00 : convert_netaddr_to_str: IP Address String: 172.30.255.6:6060
MSG [0x17dc] 3/26/2020 04:32:00 : SSO_server_RecvReqCR: received message code 102
MSG [0x17dc] 3/26/2020 04:32:00 : SSO_server_RecvReqCR: XG '172.30.255.6' is not Registered

Any thoughts appreciated.



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Keyur

    Keyur,

    It is a metro ethernet handoff, so the IP 172.30.255.6 is a metro p2p handoff for the 192.168.6.x/24 network back to the head office.

    I have added the 172.30.255.x/24 to STAS as a monitored network, but the logons from a remote user portal fail with invalid credentials.

    Paul

Children
No Data
Unfiltered HTML