USG IPSec as Remote Client - possible to import a certificate

Options
Dear,

I would like to connect to a site as remote client. We use Certificates so far.
With the USG it seems to me it would suport Pre Shared Key's only.

Is it possible to import a Certificate to set-up the IPSec connection in the USG.

Regard
Loft

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2022
    Options
    Hi @Loft_Network,
    Welcome to Zyxel community. :)
    You can change authentication from pre-shared key to certificate in VPN gateway phase 1.
    It is in "CONFIGURATION > VPN > IPSec VPN"

  • Loft_Network
    Options
    Thanks for the hint,
    The issue is that in "my certivicates" there is the default from USG.
    I was not able to import the given certificate from the provider.

    So how to import the given certificate ?

    thank you for further support
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @Loft_Network,
    You can import 3rd party certificate at "CONFIGURATION > Object > Certificate".
    Trusted certificate is for root certificates and intermediate certificates.
    My Certificate is for end-entity certificate.(issued by a Certificate Authority)


  • Loft_Network
    Options

    Hi Zyxel,

    Thank you for your assistant. I missed the button at the bottom of the page "Import". Now I can import the certificate which is a `root certificates` given by the provider. In the VPN Gateway can select certificates from “my certificates” like end entity as you described.

    Can you give me a hint how the get the given root certificate to get used n the VPN Gateway configuration? Any setting or conversion required?

     

    Thank you for your guidance



  • Loft_Network
    Options

    Dear Zyxel,

    Thank you some much for the general support concerning this issue.

    So finally, the question is how to configure and import an IPSec VPN setup.

    Assuming in this case the VPN provider is NordVPN and a root certificate is given by the provider.


    Looking forward for your feedback

    Loft







  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @Loft_Network,

    It is unable to import a profile from NordVPN directly, you need to import root certificate and set up VPN phase 1, and phase 2 manually on USG. 

Security Highlight