FortiGate
Kush_Patel
Staff
Article Id 239709
Description

This article describes the ‘Accept types’ option under ‘Peer Options’, which becomes available when an IPsec dial-up tunnel is configured to use ‘aggressive’ mode, and the error that appears when a user group containing remote users is assigned to it.

This option is only available after converting the IPsec tunnel to a custom tunnel.

 

On the CLI, the following error appears when a user tries to assign a user group to the option ‘peer id from dialup group’ on a dial-up IPsec tunnel:

config vpn ipsec phase1-interface
(phase1-interface) # edit <phase1 name>
(phase1 name) # set peertype dialup
(phase1 name) # set usrgrp <usergroup name>
Error: auth_user not a local user
node_check_object fail! for usrgrp <usergroup name>

value parse error before 'test'
Command fail. Return code -1

On the GUI, the error ‘-1: Invalid length of value’ is shown when a user tries to assign such a user group to the option ‘peer id from dialup group’.

Scope

FortiGate.

Solution

A user group can only be assigned to the option ‘peer id from dialup group’ if every member of that group is a locally created user; if the group is of firewall type, its members must be local users. Imported remote LDAP users or remote RADIUS users cannot be members of the group. If remote LDAP or remote RADIUS users are members, the errors described above in this article are shown.
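The configuration that satisfies the rule above, written out as an added example that is not part of the original article: a local user, a firewall-type group whose only member is that local user, and the aggressive-mode dial-up phase1 that references the group. The names (vpn_user1, vpn_local_grp, dialup_agg, wan1) and the proposal are assumptions.

```fortios
# Added example (not from the original article). Names are assumptions:
# vpn_user1, vpn_local_grp, dialup_agg, wan1.

# 1. A locally defined user. Only users of this kind may be members of the
#    group referenced by 'set usrgrp' on a dial-up phase1.
config user local
    edit "vpn_user1"
        set type password
        set passwd "<password>"
    next
end

# 2. A firewall-type group containing only local users.
#    A group whose member is a remote server object, for example
#        set member "ldap_server"
#    is rejected by the phase1 with "Error: auth_user not a local user".
config user group
    edit "vpn_local_grp"
        set group-type firewall
        set member "vpn_user1"
    next
end

# 3. The dial-up (dynamic) aggressive-mode phase1 that uses the group for
#    the 'peer id from dialup group' setting, so the peer ID presented in
#    aggressive mode is accepted only if it matches a local user in the group.
config vpn ipsec phase1-interface
    edit "dialup_agg"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set peertype dialup
        set usrgrp "vpn_local_grp"
        set proposal aes256-sha256
        set psksecret "<pre-shared key>"
    next
end
```

Assigning a group that mixes local and remote members still fails, because the check is applied to every member of the group, not only to the first one.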