Remote Access clients cannot connect to Security Gateway when Multi Factor Authentication (MFA) is enabled
Symptoms
  • VPN Remote Access clients that do not support Multi Factor Authentication (MFA), such as macOS and iOS clients, cannot connect if Multiple login options (MFA) is enabled (while older clients are allowed to connect without MFA). This occurs after an upgrade to:

    • R80.40 Jumbo Hotfix Take 48
    • R80.30 Jumbo Hotfix Take 210
    • R80.20 Jumbo Hotfix Take 156
    • R80.10 Jumbo Hotfix Take 275

    The same issue occurs on a base install of R80.30 for Quantum appliances.

  • The vpnd.elg file shows:

    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG] CCCMultiLoginOption::getRealmById: login option = vpn
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed: vpn this realm is not allowed for the client
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][tunnel] InitXAuthConnectAuAuth Invalid realm. Aborting


    OR

    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::getRealmById: login option =
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed: does not exist
    [vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][tunnel] FwIkeP1FetchUser Invalid realm. aborting


  • For Site-to-Site tunnels with DAIP gateway, vpnd.elg shows:

    [vpnd ...]@GW[DATE TIME][tunnel] < FWIKE_EXCH_MAIN_MODE > Id = XXXXX
    [vpnd ...]@GW[DATE TIME][tunnel] < FWIKE_MM_PACKET_5_FETCH_PEER > Id = XXXXX
    [vpnd ...]@GW[DATE TIME][tunnel] MMProcess5FetchPeer: stage=0; idType=9;
    {{ peer_cannot_be_user=1; peer_cannot_be_dag=0;}}
    {{ peer_is_mobile_ip=0; peer_is_dag=0; peer_cannot_be_lsv=1; peer_is_lsv=0}}
    [vpnd ...]@GW[DATE TIME][tunnel] FwIkeP1FetchDaip: entering

    ...

    [vpnd ...]@GW[DATE TIME][tunnel] FwIkeP1FetchUser Invalid realm. aborting
    [vpnd ...]@GW[DATE TIME][tunnel] RespMMPacketError: error in FWIKE_EXCH_MAIN_MODE - FWIKE_MM_PACKET_5_FETCH_PEER
    [vpnd ...]@GW[DATE TIME][tunnel] TalkToEngine: Engine RC is << FWIKE_ERROR >>
    [vpnd ...]@GW[DATE TIME][tunnel] TalkToEngine: received Error reply from Engine
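
A triage sketch for the traces above, as an added example (not Check Point code): it scans vpnd.elg lines for the "Invalid realm" abort and labels each hit with whichever of the three variants preceded it. The function name, variant labels and sample layout are assumptions of this example; the matched strings are taken from the excerpts on this page.

```python
import re

# Signatures taken from the vpnd.elg excerpts on this page.
ABORT = re.compile(r"Invalid realm\. [Aa]borting")
REALM = re.compile(r"CCCMultiLoginOption::getRealmById: login option =\s*(\S*)")
NOT_ALLOWED = "this realm is not allowed for the client"
NOT_EXIST = "isLoginOptionIDAllowed: does not exist"
DAIP = "FwIkeP1FetchDaip: entering"


def classify(lines):
    """Return (line_no, variant, login_option) for every 'Invalid realm' abort.

    Context is tracked globally and reset after each abort, so lines from
    interleaved connections on a busy gateway can be mislabelled.
    """
    findings = []
    ctx = {"realm": None, "variant": "unclassified"}
    for no, line in enumerate(lines, 1):
        m = REALM.search(line)
        if m:
            ctx["realm"] = m.group(1) or None  # empty login option -> None
        if NOT_ALLOWED in line:
            ctx["variant"] = "ra_realm_not_allowed"      # first Remote Access trace
        elif NOT_EXIST in line:
            ctx["variant"] = "ra_login_option_missing"   # second Remote Access trace
        elif DAIP in line:
            ctx["variant"] = "s2s_daip_peer"             # Site-to-Site DAIP trace
        if ABORT.search(line):
            findings.append((no, ctx["variant"], ctx["realm"]))
            ctx = {"realm": None, "variant": "unclassified"}
    return findings


# Sample input: key lines of the page's three traces, placeholders kept as printed.
SAMPLE = """\
[vpnd ...]@GW[DATE TIME][CLIENT_CONFIG] CCCMultiLoginOption::getRealmById: login option = vpn
[vpnd ...]@GW[DATE TIME][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed: vpn this realm is not allowed for the client
[vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][tunnel] InitXAuthConnectAuAuth Invalid realm. Aborting
[vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::getRealmById: login option =
[vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed: does not exist
[vpnd ...]@GW[DATE TIME][CLIENT_CONFIG][tunnel] FwIkeP1FetchUser Invalid realm. aborting
[vpnd ...]@GW[DATE TIME][tunnel] FwIkeP1FetchDaip: entering
[vpnd ...]@GW[DATE TIME][tunnel] FwIkeP1FetchUser Invalid realm. aborting
""".splitlines()

if __name__ == "__main__":
    for no, variant, realm in classify(SAMPLE):
        print(f"line {no}: {variant} (login option: {realm!r})")
```
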