Re: Client To Gateway VPN based on AD users (Identity Based)
The MLC is a passive authentication method, and it's only used for Passport creation. For VPNs, you can use XAUTH as a secondary authenticator (after passwords or certificates). XAUTH can only use 'active' authenticators, like LDAP, AD, or Password (authenticators where you have to actively enter your credentials). You cannot use MLC to authenticate users as part of the VPN setup.
You should be able terminate your VPN in a virtual burb and then setup Passport/MLC on whatever rules you use to pass this VPN traffic through the firewall. That would require the users on the other end to login to your DC via the VPN somehow (i.e. the domain controller IP needs to be in the protected network of the VPN, from the client's point of view).
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.