143
2 Click Configuration > Object > User/Group and create a user account for the USG IPSec
VPN Client user.
3 Then, enable Configuration Provisioning in Configuration > VPN > IPSec VPN >
Configuration Provisioning and configure it to allow the newly created user to retrieve this rule’s
settings using the USG IPSec VPN Client.
4 On the USG IPSec VPN Client, select Configuration > Get From Server.
5 Enter the WAN IP address or URL for the USG. If you changed the default HTTPS port on the USG,
then enter the new one here. Enter the user name (Login) and and password exactly as configured
on the USG or external authentication server. Click Next.
6 Click OK. The rule settings are now imported from the USG into the USG IPSec VPN Client.
3.4.3 What Can Go Wrong
• VPN rule settings violate the the USG IPSec VPN Client restrictions:
Check that the rule does not contain AH active protocol, NULL encryption, SHA512
authentication, or a subnet/range remote policy.
The USG IPSec VPN Client can also indicate rule violations. Check its warning screen.
Although the rule settings may be valid, whether the tunnel actually works depends on the
network environment. For example, a remote policy IP address for a server may be valid, but
the server may be down or have an actual different IP address.
• There is a login problem:
Reenter the user name (Login) and password in the USG IPSec VPN Client exactly as
configured on the USG or the external authentication server.
Check that the client authentication method selected on the USG is where the user name and
password are configured . For example, if the user name and password are configured on the
USG, then the configured authentication method should be Local.
• There’s a network connectivity problem between the USG and the USG IPSec VPN Client:
To Next Page
Loading...
