
[IAG] dkey user login failed–source IP does not match

Problem Description

The dkey user login failed and the message "Login failed" was displayed.


Process

  1. Confirm that the Dkey itself is not at fault: regenerating the key in the console and logging in again gives the same result.
  2. Use the console packet capture tool to capture the packets exchanged between the PC and the IAG. Dkey authentication uses UDP port 980.
  3. Send the captured packets to the 400 engineers for decryption. The decrypted data shows that the IP address inside the packet does not match the IP address used for the communication.
  4. Check the IP address of the PC. It is indeed the IP address carried in the packet, which confirms that traffic between the PC and the IAG passes through NAT.
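
A quick way to spot this condition from the capture in step 2 without decrypting anything, as an added example (not Sangfor's tooling): compare the PC's own address with the source addresses the IAG sees on UDP port 980. It assumes the capture was exported as `tcpdump -n` style text; the addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

DKEY_PORT = 980  # UDP port the page gives for dkey authentication

# Assumed input: tcpdump -n text, "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length N"
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP\b"
)

def dkey_sources(capture_text, iag_ip, port=DKEY_PORT):
    """Count source IPs of UDP packets sent to iag_ip:port, as the IAG saw them."""
    iag = ipaddress.ip_address(iag_ip)
    seen = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 UDP line
        src, _sport, dst, dport = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        if dst_ip == iag and int(dport) == port:
            seen[str(src_ip)] += 1  # replies from port 980 are not counted
    return seen

def nat_suspected(capture_text, pc_ip, iag_ip):
    """True when dkey requests reach the IAG but none carries the PC's own IP."""
    pc = str(ipaddress.ip_address(pc_ip))
    sources = dkey_sources(capture_text, iag_ip)
    return bool(sources) and pc not in sources

# Constructed sample: the PC is 192.168.10.25, but the IAG (10.0.0.1) sees 172.16.5.2.
SAMPLE_CAPTURE = """\
10:01:02.100001 IP 172.16.5.2.40211 > 10.0.0.1.980: UDP, length 64
10:01:02.100950 IP 10.0.0.1.980 > 172.16.5.2.40211: UDP, length 32
10:01:05.200004 IP 172.16.5.2.40211 > 10.0.0.1.980: UDP, length 64
10:01:06.000000 IP 172.16.5.9.53122 > 10.0.0.1.5000: UDP, length 40
"""

if __name__ == "__main__":
    print(dict(dkey_sources(SAMPLE_CAPTURE, "10.0.0.1")))
    print("NAT suspected:", nat_suspected(SAMPLE_CAPTURE, "192.168.10.25", "10.0.0.1"))
```

If other dkey users authenticate during the capture window, filter the capture to the failing login first; otherwise their addresses also appear as sources.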

Root cause

The connection from the PC to the IAG passes through NAT.
Dkey user authentication is not supported in NAT environments.

Solution

Coordinate a change to the network topology: NAT must not be enabled between the PC using the dkey and the IAG.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6443&isOpen=true