Comments
-
I'm not exactly sure why, but I ended up restarting the NPS service and then restarting the Duo Auth Proxy service and it started working! Must have had something change that still needed it to restart one more time. Happy camper! Thanks for the help!
-
That makes sense....but I can't find anything that looks out of place, or wrong names.... in AD I'm using the group name WG - IKEv2-Users, but that's also the name on my policy.
-
IKEv2-Users I mean...sorry, kb issues. :)
-
I have a policy set up that allows my IKEV@_Users group to ANY
-
After I authenticate, I can see my user on the authentication list on the WG as an IKEv2 user.
-
yep, I can see the approved auth on the Duo admin console.
-
2023-03-31 14:39:13 PKC-M470-1 Deny x.x.x.x y.y.y.y dns/udp 52930 53 3-X3-DCN 1-X1-LAN Denied 69 127 (Unhandled External Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" src_user="myuser@RADIUS" where x is the client IP that it is getting from the WG and y is the DNS server internally on the LAN....myuser is my AD…
-
The traffic monitor shows my src_user=myusernam@RADIUS, but it's not acting like it's using that user or groups to allow traffic.