[ATP/FLEX] How to Set up IKEv1 VPN tunnel and Authenticate with your AD server on Nebula Gateway

Options
Zyxel_Stanley
Zyxel_Stanley Posts: 1,367  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited June 2023 in VPN

Nebula Control Center provides a VPN solution that allows remote VPN users to connect VPN tunnels from Internet. This guide will assist in the configuration IKEv1 VPN tunenl and authenticating with exist AD domain server.

Set up external authentication server setting

Go to Configure > Firewall > Firewall settings and configure AD information in “My AD Server” and set up:

a. Authentication object name

b. AD Server IP address

c. AD service port

d. AD domain name

e. Domain admin account

f. Domain admin account password


Set up VPN setting on gateway

Go to Configure > Firewall > Remote access VPN page and enable IPSec VPN Server function and set up:

a. Client VPN Subnet.

b. IKE version

c. DNS server (optional or stay in default)

d. Secret key

e. Authentication Type.


Configure VPN setting on your iPhone

Go to Setting > General > VPN & Device Management > VPN and click on Add VPN Configuration button to create a VPN profile on your iPhone and set up:

a. VPN Type

b. VPN Description

c. Server IP address

d. AD account

e. AD account password

f. Secret key


Test the Result

After VPN tunnel is established, the status will display as Connected on your iPhone and a VPN icon displays on title bar.


You can also check the VPN client status on Nebula server.

Go to Monitor > Firewall > VPN Connections > Client to site VPN login account. It will display authenticated name, assigned IP, and incoming IP address.