TZ370: VPN users are able to connect to VPN with Mobile Connect but not with Global VPN Client

RESOLVED:
I finally figured out the issue. For whatever reason User group for XAUTH users setting in Group VPN policy was the cause. It was set to Sonicwall Administrators which its always been and its never caused a problem with GVC. But I changed it to Trusted Users and suddenly GVC started working again. Doesn’t make sense that it suddenly became an issue but at least it resolved the problem

----------------------------------------

With GVC they get prompted with the username and password dialogue box but when they enter it it fails. This happens from multiple locations. Below I have pasted the log file of the GVC client. Clearly the problem is not a user credential issue since it works from Mobile Connect. It was working fine last week. Any suggestions?Connection IP in logs has been hidden for security reasons obviously---------------------------

2023/09/18 12:12:41:982 Information The connection “*.*.*.*” has been enabled.2023/09/18 12:12:42:633 Information *.*.*.* Starting ISAKMP phase 1 negotiation.2023/09/18 12:12:42:679 Information *.*.*.* Starting aggressive mode phase 1 exchange.2023/09/18 12:12:42:679 Information *.*.*.* NAT Detected: Local host is behind a NAT device.2023/09/18 12:12:42:679 Information *.*.*.* The SA lifetime for phase 1 is 28800 seconds.2023/09/18 12:12:42:679 Information *.*.*.* Phase 1 has completed.2023/09/18 12:12:42:722 Information *.*.*.* Received XAuth request.2023/09/18 12:12:42:722 Information *.*.*.* XAuth has requested a username but one has not yet been specified.2023/09/18 12:12:42:722 Information *.*.*.* Sending phase 1 delete.2023/09/18 12:12:42:722 Information *.*.*.* User authentication information is needed to complete the connection.2023/09/18 12:12:42:754 Information An incoming ISAKMP packet from *.*.*.* was ignored.2023/09/18 12:12:54:567 Information *.*.*.* Starting ISAKMP phase 1 negotiation.2023/09/18 12:12:54:597 Information *.*.*.* Starting aggressive mode phase 1 exchange.2023/09/18 12:12:54:597 Information *.*.*.* NAT Detected: Local host is behind a NAT device.2023/09/18 12:12:54:597 Information *.*.*.* The SA lifetime for phase 1 is 28800 seconds.2023/09/18 12:12:54:597 Information *.*.*.* Phase 1 has completed.2023/09/18 12:12:54:632 Information *.*.*.* Received XAuth request.2023/09/18 12:12:54:632 Information *.*.*.* Sending XAuth reply.2023/09/18 12:12:54:632 Information *.*.*.* Received initial contact notify.2023/09/18 12:12:54:647 Information *.*.*.* Received XAuth status.2023/09/18 12:12:54:647 Information *.*.*.* Sending XAuth acknowledgement.2023/09/18 12:12:54:647 Warning *.*.*.* XAuth failed. (null)2023/09/18 12:12:54:647 Warning *.*.*.* User authentication has failed.2023/09/18 12:12:54:681 Information An incoming ISAKMP packet from *.*.*.* was ignored.2023/09/18 12:16:34:859 Warning *.*.*.* The username/password dialog box was cancelled by the user. The connection will be disabled.

​

GlobalVPN and mobile connect are two separate services.

GlobalVPN uses the GroupVPN settings.

Mobileconnect/Netextender use the SSLVPN settings.

The log extract suggests that the client side ended the connection request. Check the logs on the user side.

I ran into a similar issue recently when rolling out a Mobile connect VPN and it turned out to be an IPV6 issue. The fix was to configure Windows to prefer IPv4 Over IPv6, this does not mean disabling IPv6. In my case the VPN was immediately disconnecting at any point from submitting the password to trying to connect to the first server. the Event log showed that the VPN connection was dropping because the sofware asked it to (gracefull disconnect)

Oh ok. But the GroupVPN settings are unchanged and correct. As I mentioned it was working last week. All I did today was have them unplug and plug the Sonicwall back in router as they had no internet access this morning when they came in and it solved the problem. But for some reason GVC does not work now.

I finally figured out the issue. For the heck up I decided to change the User group for XAUTH users setting in Group VPN policy from Sonicwall Administrators which it has always been to Trusted Users and suddenly GVC started working again. Doesn’t make sense that it being set to Sonicwall Administrators suddenly became an issue since its always been set to that and was not causing issue with GVC but at least it resolved the problem