Mobile VPN Access with Active Directory
Mobile VPN SSL access with AD is being set up on a WG M370. AD was set up in WatchGuard and the setup was tested successfully via Fireware Web UI. The VPN client was downloaded and installed, but the VPN connection failed. Logging was enabled for the VPN policy, but I don't see anything in the monitor. Why would the connection fail to be logged?
What AD group name have you set up in the firewall SSLVPN config?
Have you added users to that AD group?
You can turn on diagnostic logging for authentication which may show something to help:
- Policy Manager: Setup -> Logging -> Diagnostic Log Level -> Authentication
or
- Web UI: System -> Diagnostic Log
Set the slider to Information or higher
An AD group called Office VPN was created. I added myself to the group. Office VPN was added to the FROM in the SSLVPN policy. Additional logging was added for Authentication and the level was set to debug. The connection fails and no additional logging is occurring. The VPN client never gets past the message "contacting server". I am using the WG's external IP as the server.
If testing from behind the firewall:
- Check the WatchGuard SSLVPN policy From: field and make sure that it includes the interface name or interface type (i.e. Any-trusted)
- Try using the IP addr of the firewall interface to which the client is connected
You can turn on Logging on this policy to see packets allowed by it in Traffic Monitor.
You can also turn on diagnostic logging for SSLVPN which may show something to help:
In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> SSL
In the Web UI: System -> Diagnostic Log
Set the slider to Information or higher
You can check the SSLVPN client logs: right-click on the client icon in the Windows System Tray and select View Logs
The client reported "Failed to get domain name".
Nothing in Traffic Monitor to help?
Review this:
Troubleshoot Mobile VPN with SSL
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_tshoot_c.html
The mobile VPN wizard must have set it up to use 8443 instead of 443. I added this to the client server name, IP:8443, and it worked. Thanks for your help.