USG: IPSEC modeconfig and radius questons

Dreadbit · October 2020

Hello, I'm using USG40 as a server (=main office) with roaming customers,

- Can I use modeconfig pushing from server in any other scenario except "Remote Access" scenario? I want to allow users to access main office internal network and do not capture customers default route.
- I [can] use Radius for authentificating IPSEC users (tried with IKE1, but sure IKE2/EAP will work too). Can I pass IP address for modeconfig via radius? What can I pass from Raduis to IPSEC server as Authorization info at all? Is there a document that describes that (and raduis dictonary)?
Thanks.

Jeremylin · October 2020

I have similar scenario on my environment.
As I know, the mode config only support when phase 2 select Remote Access. All VPN clients can access internal network. Not sure you mean do not capture customers default route.
The IP address are assigned from USG(Mode config) could not assign IP by Radius(authentication only)

Jeremylin · October 2020

I have similar scenario on my environment.
As I know, the mode config only support when phase 2 select Remote Access. All VPN clients can access internal network. Not sure you mean do not capture customers default route.
The IP address are assigned from USG(Mode config) could not assign IP by Radius(authentication only)

Dreadbit · October 2020

Thanks. Very pity to hear that radius can be used for Authentification but not for Authorization...

USG: IPSEC modeconfig and radius questons

Accepted Solution

All Replies

Categories

Security Highlight

Security Help Center