How to Resolve VPN Certificate Issues Between uOS and ZLD Devices?

Zyxel_Cooldia
Posts: 1,518
Zyxel Employee





Question:
What should I do if the self-generated certificate from uOS can't be used for IKEv2 VPN on ZLD devices?
Answer:
If you encounter an issue where a self-generated certificate from a uOS device cannot be used for an IKEv2 VPN gateway profile on ZLD devices, follow these steps:
- The issue arises due to the ZLD VPN module not supporting the ECDSA algorithm in certificates.
- As a workaround, regenerate the certificate using the RSA algorithm.
- Once the RSA certificate is ready, guide users to use the "get from server" option to download the IKEv2 profile from the ATP800 device.
- If clients use the native Windows VPN client, provide a script installation to clients. This script can be downloaded in the wizard's final steps.
- If an urgent firmware update is needed to resolve this issue, initiate a request to MDM for communication with PLM to allocate resources for support.
This solution allows the users to continue using the VPN without disruptions.
Tagged:
0
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 103 Nebula Status and Incidents
- 5.8K Security
- 297 USG FLEX H Series
- 282 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight