USG IPSec as Remote Client - possible to import a certificate

Loft_Network

Dear,

I would like to connect to a site as remote client. We use Certificates so far.

With the USG it seems to me it would suport Pre Shared Key's only.

Is it possible to import a Certificate to set-up the IPSec connection in the USG.

Regard

Loft

Zyxel_Cooldia

Hi @Loft_Network,
Welcome to Zyxel community.
You can change authentication from pre-shared key to certificate in VPN gateway phase 1.
It is in "CONFIGURATION > VPN > IPSec VPN"

Loft_Network

Thanks for the hint,

The issue is that in "my certivicates" there is the default from USG.

I was not able to import the given certificate from the provider.

So how to import the given certificate ?

thank you for further support

Zyxel_Cooldia

Hi @Loft_Network,
You can import 3rd party certificate at "CONFIGURATION > Object > Certificate".
Trusted certificate is for root certificates and intermediate certificates.
My Certificate is for end-entity certificate.(issued by a Certificate Authority)

Loft_Network

Hi Zyxel,

Thank you for your assistant. I missed the button at the bottom of the page "Import". Now I can import the certificate which is a `root certificates` given by the provider. In the VPN Gateway can select certificates from “my certificates” like end entity as you described.

Can you give me a hint how the get the given root certificate to get used n the VPN Gateway configuration? Any setting or conversion required?

 

Thank you for your guidance

Loft_Network

Dear Zyxel,

Thank you some much for the general support concerning this issue.

So finally, the question is how to configure and import an IPSec VPN setup.

Assuming in this case the VPN provider is NordVPN and a root certificate is given by the provider.

Looking forward for your feedback

Loft

Zyxel_Cooldia

Hi @Loft_Network,

It is unable to import a profile from NordVPN directly, you need to import root certificate and set up VPN phase 1, and phase 2 manually on USG.