Configure Access Interfaces for Remote Access VPN
The Access Interface table lists the interface groups and security zones that contain the device interfaces configured for remote access SSL or IPsec IKEv2 VPN connections. The table displays the name of each interface group or security zone, the interface trustpoints used by the interface, and whether Datagram Transport Layer Security (DTLS) is enabled.
Procedure
Step 1 | Choose .
Step 2 | Select an existing remote access VPN policy in the list and click the corresponding Edit icon.
Step 3 | Click the Access Interface tab.
Step 4 | To add an access interface, click + and specify values for the following in the Add Access Interface dialog box:
Step 5 | Select the following under Access Settings:
Step 6 | Use the following options to configure SSL Settings:
Step 7 | For IPsec-IKEv2 Settings, select the IKEv2 Identity Certificate from the list or add an identity certificate.
Step 8 | Configure Service Access Control. Choose a service access object from the Service Access Object drop-down list or click + to create a new object. You can use a service access object to control remote clients' access to VPN on threat defense devices with Version 7.7 or later. This object provides geolocation-based access control to clients before VPN authentication. By default, there is no access control for RA VPN, and remote clients can connect from any geolocation unless specified by a service access object. For more information, see Manage VPN Access of Remote Users Based on Geolocation and Configure a Service Access Object.
Step 9 | Under the Access Control for VPN Traffic section, select the following option if you want to bypass access control policy:
Step 10 | Click Save to save the access interface changes.