Identity Awareness AD Query fails over VPN tunnel
Solution ID: sk105950
Technical Level:
Product: Identity Awareness, IPSec VPN
Version: All
Platform / Model: All
Date Created: 07-May-2015
Last Modified: 11-May-2015
Symptoms
Identity Awareness AD Query fails over VPN in the following topology:
Hosts - Identity Awareness Gateway ---(VPN)--- VPN Peer - Domain Controller
A debug of the PDP daemon ("pdp debug set all all") shows the following in the $FWDIR/log/pdpd.elg file:
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (<INTERNAL_IP_ADDRESS_of_VPN_PEER>)
where <INTERNAL_IP_ADDRESS_of_VPN_PEER> is the IP address of the internal interface (on the VPN Peer) facing the remote Domain Controller, i.e. not the address of the host that actually logged on.
Cause
When the PDP resides on the local side of the VPN, the logon connection from the local hosts to the remote Domain Controller is initiated across the tunnel and undergoes NAT on the way. The Domain Controller therefore records the NAT address (the internal interface of the VPN Peer) as the source of the security event instead of the host's real address. The PDP's event filter (EventRejectRegExpFilter) treats an event whose "ip" field is that address as invalid and rejects it, so no identity is ever learned for the host.
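To triage this symptom quickly, the rejection lines in pdpd.elg can be counted per rejected IP and compared against the VPN Peer's internal interface addresses: if the rejected value is a peer interface, AD Query is seeing NATed logon events, which is the cause described above. The following Python script is an added example written for this article, not Check Point code; the sample pdpd.elg lines are constructed in the shape of the log line shown under Symptoms (using documentation addresses 192.0.2.1 and 10.0.0.7, which are made up), and the peer address list is an assumed input that you would fill in from your own VPN Peer topology.

```python
import re
from collections import Counter

# Pattern for the rejection line that pdpd.elg shows for this symptom.
# The "field" and "value" groups capture the rejected event field and its value.
REJECT_RE = re.compile(
    r"EventRejectRegExpFilter::acceptEvent: Event rejected due to field "
    r"\((?P<field>\w+)\) on value \((?P<value>[^)]*)\)"
)

# Constructed sample of pdpd.elg content (not a real capture). 192.0.2.1 plays the
# role of the VPN Peer's internal interface; 10.0.0.7 is an unrelated rejected host.
SAMPLE_PDPD_ELG = """\
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (192.0.2.1)
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (192.0.2.1)
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (ip) on value (10.0.0.7)
[ADLOG_EVENT_PROCESS (TD::Surprise)] ADLOG::EventRejectRegExpFilter::acceptEvent: Event rejected due to field (user) on value (svc-backup)
[ADLOG_EVENT_PROCESS (TD::Surprise)] some unrelated debug line
"""


def rejected_ip_counts(log_text):
    """Count EventRejectRegExpFilter rejections per rejected 'ip' value.

    Rejections on other fields (e.g. 'user') are ignored, since only the
    ip-based rejection is relevant to the NAT-over-VPN symptom.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m and m.group("field") == "ip":
            counts[m.group("value")] += 1
    return counts


def diagnose_nat_over_vpn(log_text, vpn_peer_internal_ips):
    """Return [(ip, count), ...] for rejected IPs that are VPN Peer internal interfaces.

    A non-empty result means the Domain Controller is logging the NAT address
    of the VPN Peer instead of the real host address, so the PDP never learns
    the host's identity. An empty result means the rejections have another cause.
    """
    peers = set(vpn_peer_internal_ips)
    counts = rejected_ip_counts(log_text)
    return [(ip, n) for ip, n in counts.most_common() if ip in peers]


if __name__ == "__main__":
    # Assumed peer address list; replace with the real internal interface(s) of the VPN Peer.
    hits = diagnose_nat_over_vpn(SAMPLE_PDPD_ELG, ["192.0.2.1"])
    for ip, n in hits:
        print(f"{n} AD events rejected with VPN Peer address {ip}: logons are NATed over the tunnel")
    if not hits:
        print("No rejected events match a VPN Peer interface; look for another cause")
```

On a live gateway, pass the contents of $FWDIR/log/pdpd.elg (after enabling the debug with "pdp debug set all all" and reproducing a logon) as log_text; rejections on fields other than ip are deliberately left out of the count so that unrelated filter hits do not mask the NAT signature.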