USG 20-VPN using smartcard client authentication
Hi there
Here's what I try to do:
IKEv2 VPN using a smartcard as the means to authenticate connecting users against my Active Directory.
I did manage to configure the USG so it accepts connections that use X-Auth mschapv2 as long as I do configure my Windows 10 VPN clients to use a username / password combination. In that case the tunnel connects and everything works as expected.
If I tell my Win10 client to use the smartcard though, the tunnel does not connect and after some time Win10 tells me that "the context has expired and can no longer be used".
The logs on the Zywall look identical in both cases up to the point where the Authentication Server says:
RADIUS: Accepting the user '[username]'.
If I use a username / pw combo, after that the IKE log goes on up until where the tunnel is established and operational. If I use a SmartCard though, the IKE log stays empty after that and the above behavior occurs.
So I guess that I do something horribly wrong here. But having spent a good couple hours on this without any further success, I think I do need some help from the folks who actually know what they are doing.
I'd appreciate any help a lot!
Thanks
Rene
Accepted Solution
Hello Rene,
In the IKEv2 scenario, the smart card is not supported by the USG Series, so for this case, the configuration of X-Auth mschapv2 on Windows 10 VPN clients could be suitable for your request.
Charlie5