IKEv2 authentication

efes9999 · June 2022

We have an IKEv2 mobile vpn on a M370 running 12.7.2. We would like to have this vpn used by users residing on Firebox-DB as well as external users via Radius.
Both Firebox-DB and the Radius server is checked under IKEv2->Authentication.
When Firebox-DB is the default authentication server, Firebox-DB users can login, but Radius users can't. If we set the Radius server as the default, then the Radius users can login, but Firebox-DB users can't.
The IKEv2 connection is made from Windows 10, and it only asks for a username and password. Not sure how we can specify that the user is a Radius user. Also I dont understand why we need to; i.e. why doesn't Watchguard look for the user if there are multiple authentication servers used?

In any case how can we have both set of users be able to login?
Thanks, Matt

Bruce_Briggs · June 2022

"If the Mobile VPN with IKEv2 configuration on the Firebox includes more than one authentication server, and you want to authenticate to an authentication server that is not the default authentication server, specify an authentication server name before the user name. For example, specify RADIUS\jsmith. For more information aboutthe user name format, see the User Name Format section."

From here:
Configure Windows Devices for Mobile VPN with IKEv2
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_windows_client.html

efes9999 · June 2022

Thanks Bruce, it worked. Much appreciated.

IKEv2 authentication

Comments