05-11-2012 07:20 AM
I have created a dial up vpn policy on a ssg-5 using the wizzard.
I have used a single user profile for ID and now I wan't to allow multiple use of this user ID.
But I get errors when I try to change it:
First I get: user ike id check failed
Then I get: You can only change the user status, IKE options and/or password for the current user.
Is there a work around for that?
Solved! Go to Solution.
05-11-2012 08:46 AM
You need to remove the user from the active VPN that they are currently tied to before you can make the change.
05-13-2012 12:00 PM
Thanks. that worked.
Isn't it possible to use the same user on multiple connections? If I try to use a user with "Number of Multiple Logins with Same ID" lager than 1 it's told that I have to use a group. If I put this user in a group, I'm told that I have to enalbe xauth.
05-13-2012 12:13 PM
If I try to set the vpn to Dynamic with a remote id provided I get:
VPN "VPN for Any" which use this IKE gateway have manually configured proxy ID
fail set non-dial-up gateway
Error in set ike gateway.
05-15-2012 12:25 AM
Yes you need to use IKE and Xauth please see
05-15-2012 04:27 AM - edited 05-15-2012 04:34 AM
You don't actually have to use XAuth (you can use a shared IKE user in a group with additional IKE users containing similar IKE IDs) but it's recommended for additional security.
You can't edit a user that's currently in use by a VPN gateway, so the easiest way (other than deleting the VPN definition and starting from scratch) is to create a temporary dummy IKE user, then modify the VPN gateway to use this user. You should now be able to edit the original user (bumping up the Multiple Logins number), add it to a new group, modify the VPN gateway again to use the new group containing the original IKE user, and delete the dummy user.
You now have a choice between adding additional IKE users, or additional XAuth users.