IKEv2 VPN with Client Certificates
Hi Everyone,
I have a newly created IKEv2 VPN up and working, but since we want to deploy to our client devices via Intune, I would like to set up authentication via certificate if possible.
We already have user certificates deployed via SCEP, and these work with NPS for connecting to Wi-Fi via RADIUS/NPS. We are using the same RADIUS servers for the IKE VPN, so we just need to switch the WatchGuard over to use them.
After reading everything (https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/authentication_mvpn_ikev2.html), it doesn't seem clear how this would be done. Any ideas or does anyone have this working?
Cheers
Ryan
Comments
In the Security section of the IKEv2 client VPN setup in XTM, you can change the Type: from "Firebox-Generated Certificate" to "Third Party Certificate".
As I have not done this (I use the Firebox cert), I can't comment on the cert requirements as shown in the "Configure a Certificate for Authentication" section.
Hi Bruce.
I am already using a 3rd party certificate there, but it was for the client authentication inbound. Currently it's username/password, but I am trying to use a SCEP certificate against the RADIUS server instead...
Hey RyanNiblett, have you figured out a solution? Is this possible in general?
I had this exact same question a few years back and ended up logging a support call.
Short answer: it's not possible yet, but it's on their list.
They tagged it as an enhancement on their list, FBX-7518, which might help if you open a support call and mention that ID.