Identity Awareness AD Query fails over VPN tunnel
Symptoms
  • Identity Awareness AD Query fails over VPN in the following topology:
    Hosts - Identity Awareness Gateway ---(VPN)--- VPN Peer - Domain Controller

  • Debug of PDP daemon ("pdp debug set all all") shows in $FWDIR/log/pdpd.elg file:

    [ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (<INTERNAL_IP_ADDRESS_of_VPN_PEER>)

    where <INTERNAL_IP_ADDRESS_of_VPN_PEER> is the IP address of the internal interface (on VPN Peer) facing the remote Domain Controller
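
To confirm this symptom from a saved debug file, the sketch below counts the rejection lines per field and value and checks whether the VPN peer's internal address is among them. It is an added example, not part of the Check Point article: the function names and the 192.0.2.x sample lines are constructed, and only the log path and message format are taken from the text above.

```shell
#!/bin/sh
# Summarise AD Query events rejected by the PDP filter as "field value count".
# Usage: adlog_rejects [file]   (defaults to the pdpd.elg path named in the article)
adlog_rejects() {
    log_file="${1:-$FWDIR/log/pdpd.elg}"
    [ -r "$log_file" ] || { echo "cannot read $log_file" >&2; return 2; }
    # Reduce each rejection line to "field value", count duplicates,
    # and list the most frequently rejected value first.
    sed -n 's/.*EventRejectRegExpFilter::acceptEvent: Event rejected due to field (\([^)]*\)) on value (\([^)]*\)).*/\1 \2/p' "$log_file" |
        sort | uniq -c | sort -rn |
        awk '{ print $2, $3, $1 }'
}

# Succeeds (exit 0) only if the given address appears as a rejected "ip" value.
# Usage: adlog_peer_rejected <file> <internal IP of VPN peer>
adlog_peer_rejected() {
    adlog_rejects "$1" |
        awk -v ip="$2" '$1 == "ip" && $2 == ip { found = 1 } END { exit !found }'
}

# Constructed sample input (documentation addresses), not real gateway output.
adlog_sample() {
cat <<'EOF'
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (192.0.2.10)
[ADLOG_EVENT_PROCESS (TD::Surprise)] constructed unrelated debug line
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (192.0.2.10)
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (192.0.2.20)
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (192.0.2.10)
EOF
}

# Demo run on the constructed sample.
demo_file=$(mktemp)
adlog_sample > "$demo_file"
adlog_rejects "$demo_file"
if adlog_peer_rejected "$demo_file" 192.0.2.10; then
    echo "192.0.2.10 is being rejected by the AD Query event filter"
fi
rm -f "$demo_file"
```
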
Cause

If the PDP resides on the local side of the VPN, where the connection is initiated and undergoes NAT, it will be rejected as invalid.


Solution
Note: To view this solution you need to Sign In.