IKEv2 VPN with EAP Authentication from Windows to Vigor2136 by using the self-signed certificate

Vigor Router Setup

1. Create Root CA and a Local Certificate for VPN Service by referring to this article.

2. Activate the IPsec Service and select the Self-Signed Certificate for the IPsec VPN service.

3. Create a Teleworker VPN User Profile.

Go to VPN > Teleworker VPN, click Add, and enter the Username and Password.

In the General tab:

  • Status: Set to Active to enable the profile.
  • Group Policy: Select None if no specific group policy applies.
  • Expiration Time: Set the expiration time for the Teleworker VPN profile. Options include Never, after XX hours, or at a specified date and time.

In the Teleworker VPN tab:

  • Switch On Enable Teleworker VPN
  • Enter 0 (Seconds) for the Idle Timeout
  • Select the VPN Schedule
  • Under Allowed VPN Protocols, enable IPsec and check EAP.
  • In Local IP Assignment, either choose a LAN subnet under Assign IP from the LAN DHCP, or configure a static IP under Static IP.
  • Click Apply to save the settings.
Import Root CA to Windows from Microsoft Management Console

4. Enter mmc in the search field, then select Open to open the Microsoft Management Console.

5. Go to File and select Add/Remove Snap-in.

6. Select Certificate, click Add, select Computer account, then click Next.

7. Select Local computer, then click Finish.

8. Click OK to finish adding the snap-in.

9. Right-click Trusted Root Certification Authorities, then select All Tasks and Import.

10. The Certificate Import Wizard will pop up. Click Next to start the import.

11. Click Browse to select the Root certificate, then click Next.

12. The message “The import was successful” will appear. That means the certificate has been imported to this computer successfully.
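Steps 4 to 12 can also be carried out from an elevated PowerShell prompt, which makes it easy to check the certificate before it becomes trusted machine-wide. The script below is an added example, not part of the original article; the file path and the expected thumbprint are placeholders you must replace, and the thumbprint is assumed to have been confirmed out of band with whoever created the Root CA.

```powershell
# Added example: run in an elevated PowerShell session.
# Both values are placeholders (assumptions), not values from the article.
$RootCaPath         = 'C:\Temp\RootCA.crt'                  # exported Root CA file
$ExpectedThumbprint = '<SHA-1 THUMBPRINT OF YOUR ROOT CA>'  # confirmed out of band

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCaPath)

# Show what is about to be trusted by every user and service on this PC.
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# 1. The file must be exactly the certificate you expect.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. A root certificate is self-issued (Subject equals Issuer).
if ($cert.Subject -ne $cert.Issuer) {
    throw 'Certificate is not self-issued; do not place it in the Root store.'
}

# 3. It should be marked as a CA in Basic Constraints (warn only if it is not).
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning 'Basic Constraints does not mark this certificate as a CA.'
}

# 4. It must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period.'
}

# 5. Import into Local Computer > Trusted Root Certification Authorities.
Import-Certificate -FilePath $RootCaPath -CertStoreLocation Cert:\LocalMachine\Root |
    Out-Null

# 6. Confirm that it is now present in the store.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, NotAfter, Thumbprint
```

The same thumbprint can later be used to find and remove the certificate from `Cert:\LocalMachine\Root` when the VPN is decommissioned or the Root CA is replaced.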

Windows SmartVPN Client Setup

13. Open Smart VPN Client. Click Add to create a VPN profile.

  • Give it a Profile Name
  • Select IKEv2 EAP as the Type
  • Enter the VPN server’s IP or Hostname. Note: The VPN server’s IP or hostname must match the server information in the self-signed certificate.
  • Enter the User Name and Password.
  • Click OK to save the profile settings.

14. Switch On Connect. The Dial to VPN window will pop up. Confirm the User Name and Password settings, then click OK.

15. The IKEv2 EAP connection using the router's self-signed certificate is now up.

Published On: 2025-01-14
