Removing LDAP queries from the Implied Rules

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk26059
Technical Level
Product	IPSec VPN
Version	All
Platform / Model	All
Date Created	29-Apr-2004
Last Modified	24-Apr-2018

Symptoms

"Wrong Username or PW" error when accessing VPN with SecureClient / SecuRemote due to inability to authenticate with LDAP address behind remote site.
Identity Awareness / Users cannot authenticate using Captive Portal:
"Login failed. If the issue persists please contact your administrator."
Mobile Access / Remote Access do not work due to failures in LDAP/AD queries.
LDAP queries are sent in clear text instead of encrypted traffic when working in Simplified Mode VPN. The packet does not enter the tunnel, but gets sent to the Internet with internal IP address as the destination.
"Test could not be completed. Check connectivity between the Management and the Gateway and try again"

Cause

When users attempt to authenticate, the LDAP queries are between the Remote Security gateway and the LDAP server. LDAP queries are defined as connections originating at the Security gateway and destined for the LDAP server. These LDAP queries are considered part of Security gateway Control Connections and are therefore performed before any rules in the Rule Base.
These connections are in clear text.

Solution

Note: To view this solution you need to Sign In .