USG310 - IPSEC Client & Certificate & AD

weite Posts: 16  Freshman Member
edited April 2021 in Security
I have a question. We use the ZyXEL IPSEC VPN client to authenticate ourselves with certificates. Now we have to import the public user certificate from the Active Directory into the USG. Is authentication directly via Active Directory possible? Of course with certificates, not with username and password.

We have to import the same certificates on some USGs and want to make our way easier. A central solution is to authenticate with certificates directly on the Active Directory.
Is this possible?


All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    Do you want the IPsec VPN client to do the authentication without username/password (authenticate with certificate)?

  • weite
    weite Posts: 16  Freshman Member
    Yes. We are currently using the IPSEC client with certificates that we import into the USG.
    I wrote that we create the certificates over the Active Directory. Sorry, that's not correct. We use our Certification Authority. So, the question is: is it possible to authenticate directly on the CA? At the moment we must import the certificates on more than one USG. The easiest way, I think, is to authenticate directly over the CA. But is this possible?


  • Jeremylin
    Jeremylin Posts: 166  Master Member
    I think the certificate still needs to be imported to each USG and the IPsec clients, since it's a self-signed cert.
  • weite
    weite Posts: 16  Freshman Member
    Thanks for your answers. I contacted the support and they told me that I must install the certificates on each USG; there is no way to use the CA.
