IKEv2 VPN with Client Certificates
I have a newly created IKEv2 VPN up and working, but since we want to deploy to our client devices via Intune, I would like to set up authentication via certificate if possible.
We already have user certificates deployed via SCEP and these work with NPS for connecting to Wi-Fi via RADIUS/NPS. We are using the same RADIUS servers for the IKE VPN, so we just need to switch the WatchGuard over to use them.
After reading everything (https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/authentication_mvpn_ikev2.html), it doesn't seem clear how this would be done. Any ideas or does anyone have this working?
In the Security section of the IKEv2 client VPN setup in XTM, you can change the Type: from "Firebox-Generated Certificate" to "Third Party Certificate".
As I have not done this (I use the Firebox cert), I can't comment on the cert requirements as shown in the "Configure a Certificate for Authentication" section.
I am already using a 3rd party certificate there, but it was for the client authentication inbound. Currently it's username/password, but I am trying to use a SCEP certificate against the RADIUS server instead...