IKEv2 Integration with AuthPoint for Active Directory Users
Hi to the community. We have a WatchGuard Firewall M290 at our HQ and 7 users that have IKEv2 VPN connections using FireboxDB accounts. We purchased 7 AuthPoint licenses in order to be able to add MFA to these users. Since we are using Active Directory, I thought it best to use the integration so that each user connects with his domain account. I followed the official guide (https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ikev2-vpn-radius_authpoint.html) but for the love of me I can't connect no matter what. The external identity passes the connection test, the security group from AD is synced, I can see the 7 users, and I have assigned and activated a token for my user, but when I try to connect I see in the traffic monitor logs that user does not exist or wrong password. The group synced to AuthPoint is added to the IKEv2 authentication page and AuthPoint is the default authentication server. The NPS is set up, maybe the issue is there? I don't know how to test it. I believe everything is as it should be. Has anyone else had issues before?
Comments
Hi @KostasG
There are several places where the reject could be coming from. If you're using RADIUS, I'd suggest starting at the AuthPoint Gateway.
C:\ProgramData\WatchGuard\AuthPoint\logs
C:\Program Files (x86)\WatchGuard\AuthPoint Gateway\
You should see a log file for the RADIUS portion of the AuthPoint Gateway there. The newest logs will be at the bottom of that log file. Check to see if you see a reject there.
If the rejection appears to be coming from NPS, check your logs in the Windows Event Viewer.
See:
(Troubleshoot AuthPoint)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/authpoint/authpoint_troubleshoot.html
If that isn't helping, I'd suggest creating a support case via the support center link at the top right of this page.
-James Carson
WatchGuard Customer Support
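
The two log checks suggested in the reply above, as an added PowerShell example that is not part of the original thread or of WatchGuard's documentation. Assumptions: the search string `reject` (the thread does not show the gateway's actual log wording), NPS running on the same server as the gateway, and NPS success/failure auditing being enabled so that denials are recorded as Security event ID 6273. Run it from an elevated prompt right after a failed VPN attempt.

```powershell
# Added example: where does the RADIUS reject come from, the gateway or NPS?
$logDir  = 'C:\ProgramData\WatchGuard\AuthPoint\logs'  # path quoted in the reply
$pattern = 'reject'                  # assumption: adjust to the real log wording
$since   = (Get-Date).AddHours(-1)   # only look at the last hour

# 1. AuthPoint Gateway logs: newest entries are at the bottom of each file,
#    so read the tail of the most recently written files.
if (Test-Path $logDir) {
    Get-ChildItem -Path $logDir -File -Recurse |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 3 |
        ForEach-Object {
            Write-Host "== $($_.FullName) (last write $($_.LastWriteTime))"
            Get-Content -Path $_.FullName -Tail 200 |
                Select-String -Pattern $pattern -SimpleMatch |
                ForEach-Object { $_.Line }
        }
} else {
    Write-Warning "Gateway log directory not found: $logDir"
}

# 2. NPS denials: event 6273 carries the user, the RADIUS client, the matched
#    network policy and a reason code explaining why access was denied.
try {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 6273; StartTime = $since
    } -ErrorAction Stop | ForEach-Object {
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$node.GetAttribute('Name')] = $node.InnerText
        }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            User       = $data['SubjectUserName']
            Client     = $data['ClientName']
            Policy     = $data['NetworkPolicyName']
            ReasonCode = $data['ReasonCode']
            Reason     = $data['Reason']
        }
    } | Format-List
} catch {
    # Get-WinEvent throws when nothing matches; that usually means the request
    # never reached NPS or NPS auditing is switched off.
    Write-Warning "No NPS denial events (6273) since ${since}: $($_.Exception.Message)"
}
```

If the gateway log shows a reject but no 6273 event exists for the same attempt, the request was refused before it reached NPS; a 6273 event with a reason code points at the NPS policy or the AD credentials instead.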