Support Center > Search Results > SecureKnowledge Details
Remote Access clients cannot connect to Security Gateway when Multi Factor Authentication (MFA) is enabled Technical Level
Symptoms

  • VPN Remote Access clients that do not support Multi Factor Authentication (MFA), such as Mac OS and iOS, cannot connect as Remote Access clients, if Multiple login options (MFA) is enabled (while older clients can connect without MFA) after an upgrade to:

    • R80.40 Jumbo Hotfix Take 48
    • R80.30 Jumbo Hotfix Take 210
    • R80.20 Jumbo Hotfix Take 156
    • R80.10 Jumbo Hotfix Take 275

    Same issue occurs on base install of R80.30 for Quantum appliances.

  • The vpnd.elg file shows:

    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG] CCCMultiLoginOption::getRealmById: login option = vpn
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed: vpn this realm is not allowed for the client
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][tunnel] InitXAuthConnectAuAuth Invalid realm. Aborting

    OR

    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::getRealmById: login option =
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed: does not exist
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][tunnel] FwIkeP1FetchUser Invalid realm. aborting

  • For Site-to-Site tunnels with Dynamically Assigned IP (DAIP) gateway, vpnd.elg shows:

    [vpnd ...]@GW[DATE TIME][tunnel] < FWIKE_EXCH_MAIN_MODE > Id = XXXXX
    [vpnd ...]@GW[DATE TIME][tunnel] < FWIKE_MM_PACKET_5_FETCH_PEER > Id = XXXXX
    [vpnd ...]@GW[DATE TIME][tunnel] MMProcess5FetchPeer: stage=0; idType=9;
    {{ peer_cannot_be_user=1; peer_cannot_be_dag=0;}}
    {{ peer_is_mobile_ip=0; peer_is_dag=0; peer_cannot_be_lsv=1; peer_is_lsv=0}}
    [vpnd ...]@GW[DATE TIME][tunnel] FwIkeP1FetchDaip: entering

    ...

    [vpnd ...]@GW[DATE TIME][tunnel] FwIkeP1FetchUser Invalid realm. aborting
    [vpnd ...]@GW[DATE TIME][tunnel] RespMMPacketError: error in FWIKE_EXCH_MAIN_MODE - FWIKE_MM_PACKET_5_FETCH_PEER
    [vpnd ...]@GW[DATE TIME][tunnel] TalkToEngine: Engine RC is << FWIKE_ERROR >>
    [vpnd ...]@GW[DATE TIME][tunnel] TalkToEngine: received Error reply from Engine
Solution
 Note: To view this solution you need to Sign In .
SECURE YOUR EVERYTHING

©

Copyright | Privacy Policy
Follow Us