Configuring IPSec IKEv2 tunnel for dial up connection

Forum|Forum|1 year ago
May 11, 2025
2 replies
1277 views

Hi

I'm trying to setup IKEv2 tunnels for my remote access users. on IKEv1 i could assign tunnels to a user groups but when i change it to IKEv2, I can't find anywhere to assign the tunnel to a group. I'm using LDAP for user Authentication. how am i supposed to handle this?

Regards

Best answer by ebilcari

This limitation is explained on these articles:

Technical Tip: IKEv2 tunnel fails when LDAP based usergroup is used for EAP

Troubleshooting Tip: Using IKEv2 for a dial-up IPsec tunnel with a RADIUS server and Local user

sjoshi

Staff

Hi,

Can you share the snap where you are exactly not able to assign the group.

Share both working and non working snap for ikev1 and ikev2

Thanks, Salon

iamirreza13Author

Explorer II

Hi, thanks for the reply
this is the IKEv1 setting but when i change the version to IKEv2, this section disappears cause IKEv2 doesn't work with XAUTH, but no option for EAP appears either. i think it's only configurable via CLI, but i guess you can only use the EAP with RADIUS server and you can't do it with LDAP. Do you have any insight or solution about configuring this with LDAP?

iamirreza13Author

Explorer II

I've tried and did the configs via CLA and it works but only for local users and i assume RADIUS users, but it did not work with LDAP users. any suggestions?