USG310 - IPSEC Client & Certificate & AD

weiteweite Member Posts: 7  Freshman Member
I have a question.We use the ZyXEL IPSEC VPN client to authenticate ourselves with certificates. Now we have to import the public user certificate from the Active Directory into the USG. Is a authentication directly via Active Directory  possible? Of course with certificates, not with username and password.

We have to import the same certificates on some USGs and want to make our way easier. A central solution ist to authenticate with certificates directly on the Active Directory.
Is this possible?


All Replies

  • JeremylinJeremylin Member Posts: 109  Ally Member
    Do you want Ipsec VPN client to do the authentication without username/password(authenticate with certificate)?

  • weiteweite Member Posts: 7  Freshman Member
    Yes. We are currently using the IPSEC client with certificates that we import into the usg.
    I've written that we create the certificates over the Active Directory. Sorry that's not corrrect. We use our Certification Authority. So, the question is. Is it possible to authenticate direct on the CA? At the moment we must import the certificates on more than one USG. The easiest way is to authenticate direct over the CA, so I think. But is this possible?


  • JeremylinJeremylin Member Posts: 109  Ally Member
    I think the certificate still need to be imported to each USG and Ipsec clients, since its self-signed cert.
  • weiteweite Member Posts: 7  Freshman Member
    Thanks for your answers. I contacted the support and that told me that I must install the certificates on each USG, there is no way to use the CA.
Sign In to comment.