IKEv2 VPN with Client Certificates

Hi Everyone,

I have a newly created IKEv2 vpn up and working but since we want to deploy to our client devices via Intune, I would like to setup authentication via certificate if possible.

We already have user certificates deployed via scep and these work with NPS for connecting to wifi via radius/nps. We are using the same radius servers for the IKE VPN so just need to switch the watchguard over to use them.

After reading everything (https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/authentication_mvpn_ikev2.html), it doesn't seem clear how this would be done. Any ideas or does anyone have this working?



  • Options

    In the Security section of the IKEv2 client VPN setup in XTM, you can change the Type: from "Firebox-Generated Certificate" to "Third Party Certificate".

    As I have not done this (I use the Firebox cert), I can't comment on the cert requirements as shown in the "Configure a Certificate for Authentication" section.

  • Options

    Hi Bruce.

    I am already using a 3rd party certificate there but it was for the client authentication inbound. Currently its username/password but I am trying to use a scep certificate against the radius server instead...

Sign In to comment.