l2tp muvpn with certificate
Hi
I'm trying to understand how we can authenticate MUVPN with L2TP users with a certificate.
We already use l2tp muvpn with psk and we wish to switch to l2tp with certificate. I've read the guide but it's not clear how to realize this configuration:
Is it mandatory to have a management server and the firewall must be a managed device?
Can we use a wildcard third-party certificate (bought from GoDaddy)?
Alternatively, can we use a certificate signed by an internal CA authority (Microsoft), using a CSR made by the Firebox?
Can anyone clarify this?
Thanks!
Answers
Q. Is it mandatory to have a management server
A. no
Q. and the firewall must be a managed device?
A. no
Q. can we use a wild card third party certificate (bought from godaddy)?
A. yes
Q. alternatively can we use a certificate signed by internal CA authority
A. yes
From the docs:
"When a Mobile VPN with L2TP tunnel is created, the identity of each endpoint must be verified with a key. This key can be a passphrase or pre-shared key (PSK) known by both endpoints, a third-party certificate or self-signed certificate, or a certificate from the Management Server."
Certificates for Mobile VPN with L2TP Tunnel Authentication
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/authentication_mvpn-l2tp_c.html
You can manage certs using the Web UI, including importing certs or CRLs.
Manage Device Certificates (Web UI)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/cert_manage_with_webui_web.html