Chapter 21 IPSec VPN
USG20(W)-VPN Series User’s Guide
357
The following VPN Gateway rules configured on the USG cannot be provisioned to the IPSec VPN
Client:
• IPv4 rules with IKEv2 version
• IPv4 rules with User-based PSK authentication
•IPv6 rules
In the USG Quick Setup wizard, you can use the VPN Settings for Configuration Provisioning
wizard to create a VPN rule that will not violate these restrictions.
Figure 232 Configuration > VPN > IPSec VPN > Configuration Provisioning
Each field is discussed in the following table.
Table 140 Configuration > VPN > IPSec VPN > Configuration Provisioning
LABEL DESCRIPTION
Enable
Configuration
Provisioning
Select this for users to be able to retrieve VPN rule settings using the USG IPSec VPN client.
Client
Authentication
Method
Choose how users should be authenticated. They can be authenticated using the local
database on the USG or an external authentication database such as LDAP, Active Directory
or RADIUS. default is a method you configured in Object > Auth Method. You may
configure multiple methods there. If you choose the local database on the USG, then
configure users using the Object > User/Group screen. If you choose LDAP, Active
Directory or RADIUS authentication servers, then configure users on the respective server.
Configuration When you add or edit a configuration provisioning entry, you are allowed to set the VPN
Connection and Allowed User fields.
Duplicate entries are not allowed. You cannot select the same VPN Connection and
Allowed User pair in a new entry if the same pair exists in a previous entry.
You can bind different rules to the same user, but the USG will only allow VPN rule setting
retrieval for the first match found.
To Next Page
Loading...
