Hey all, I recently set up an IPSec VPN to replace our SSL VPN using
Entra and SAML. I had an issue with setting an authusrgrp in the
phase1-interface and getting it to work with the user groups that are
SAML based. Unset authusrgrp in Phase-1 fixed ...
# show full vpn ipsec phase1-interface
config vpn ipsec phase1-interface
    edit ""
        set type dynamic
        set interface "wan1"
        set ip-version 4
        set ike-version 2
        set local-gw
        set keylife 86400
        set authmethod psk
        unset authmethod-remote
        set peertype any
        set ...
Ended up creating multiple Phase-1 interfaces for each dept\group with
unique DH groups for each. Created PKI groups with unique subjects for
each OU\dept, and unique IP pools for each P1 interface - now IPSec with
SAML and certificates is working pe...