Comments

  • Hi James, I guess that makes sense as with split-tunnel, you are only permitting explicit traffic through the VPN rather than the other way around. Is there a way to do something like the Palo Alto setup?…
  • Bruce, Thanks; exploring the IPSec client app (which so far seems to work pretty well). May revisit the IKEv2 issue at a later date.
  • Hi James, Sorted out an initial IKEv2 configuration and got it working on Windows 10 okay. Turning to OS X (Big Sur), importing the Mac-version of the profile seemed to work (prompted to add the profile, VPN configuration is completed with the same remote server address/remote ID (FQDN), but no Local ID (guess it's not…
  • Bruce, Looking over logs, a reference to the L2TP-Users group popped up; checked group enrollment in AD and removed my account from all but the IKEv2-Users group; seems to work now. However, this is only true on my work Windows 10 laptop; installing the same profile for OS X (Big Sur), the connection starts, holds for about 5…
  • I've managed to get the connection going (IKEv2), but using the automatically generated 'IKEv2-Users' group in firewall policy seems to have no effect (even though 'L2TP-Users' in the same policy DOES work). For example, I set up a policy that forces VPN users to go through a bandwidth-controlled HTTP/HTTPS proxy but I'm…
  • I know it's supposed to work but having challenges; any chance you are able to confirm what the ACL configurations are on those Cisco devices?
  • Did a little more reading & testing; turns out: User and group names on your Active Directory server are case-sensitive. When you add a user or group to your Firebox, the user or group name must have the same capitalization used in the name on the Active Directory server.…