![]() ![]() Repeat Steps 5-8 and import the root certificate authority and its chain for the device certificate. Under Trusted Root Certification Authorities, right-click Certificates, then select All Tasks > Import.After a successful import, the machine certificate will appear in the right pane.Select Automatically select the certificate store based on the type of certificate.Navigate to the created machine certificate (should be a PFX or P12 file) and click Open.The Certificate import wizard will appear.Under Personal, right-click the Certificates folder, then select All Tasks > Import.From the left pane, navigate to Console Root > Certificate (Local Computer) > Personal.From the list, select Certificates and click Add > Computer account.From the console window, click File > Add/Remove Snap-in.Configure the network connect ACLs and connection profile.Under the corresponding user role, ensure that VPN Tunneling is enabled.Assign the corresponding role to the "IKEv2" custom expressions.Configure role mapping based on the custom expression below. For the name of the role mapping rule, enter "IKEV2," then click Expressions.From the "Rule based on" drop down, select Custom Expressions and click Update. Navigate to User Realms > Role Mapping > New Rule.Configure/create a certificate authentication server on the Junos Pulse Secure Access device. ![]() If the certificate is chained, install the complete chain here. Under the Trusted Client CA, install the certificate authority that signed the device certificate.Under Configuration > Certificates > Device Certificates, ensure there is a trusted and valid device certificate installed on the PCS device and bound to the port configured in earlier.Under Realm/Protocol Set Mapping, select the corresponding realm name and set protocol set to EAP-MSCHAP-V2.Note that you must make adjustments from the provided example if the traffic will be sent to the external port and a realm with a different name. In this example, IKEv2 will be sent to the internal port and tied to the "IKEV2" realm. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |