24 Mar
Remote Working With IKEv2 VPN
Recent events have forced many workers to work from home, but which remote-access VPN is the most secure and the easiest to use?
Today we’re looking at IKEv2 and will overview the following:
- Ease of Use
Security
IKEv2 provides multi-layer security because it requires a certificate and a username/password rather than just a pre-shared key.
It can also be linked to a RADIUS server, meaning you can easily control who has access: even if someone obtained the certificate, they would still need the credentials of an authorised user to gain access.
Because of this multi-layer approach you can go one step further than a certificate and username/password by linking the solution to WatchGuard AuthPoint, a Multi-Factor Authentication service, for additional security.
Ease of Use/Configuration
IKEv2 is widely supported and utilises the native VPN clients built into Windows, macOS, iOS and even Windows Mobile.
Once you have built the configuration on your WatchGuard, which takes nothing more than a couple of clicks as seen below, you can send the file to all users; they simply run the file relevant to their OS, which installs the profile, and they are ready to go.
Define the Public IP the VPN should connect to and specify the DHCP Pool clients will use along with any DNS settings you wish to impose.
Select the authentication server you wish to use along with any local users you may have configured.
Select your security proposals and download the ZIP package, which contains the install file and certificates for each different OS.
As you can see, the VPN is now installed; simply click on it and you're connected.
In this example it's using the inbuilt Windows 10 client.
Ports and Protocols
IKEv2 uses IPsec, so it relies on UDP port 500, UDP port 4500 and ESP (IP protocol 50).
In the rare instance that UDP 4500 is blocked, the VPN connection will not be able to form, as IPsec is at the core of the IKEv2 protocol.
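The port requirements above are the usual reason a working client profile still fails to connect from a particular site. The following is an added example (not from the article or WatchGuard's own tooling) that evaluates a constructed, first-match firewall ruleset against the three traffic types IKEv2/IPsec needs, and reports which component would be blocked; the `Rule` structure and the sample rulesets are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

# The three traffic types an IKEv2/IPsec tunnel needs a firewall to pass
# (from the article: UDP 500 for IKE, UDP 4500 for NAT-T, ESP = IP protocol 50).
IKEV2_REQUIREMENTS = [
    ("IKE", "udp", 500),
    ("NAT-T", "udp", 4500),
    ("ESP", "esp", None),
]


@dataclass
class Rule:
    """A simplified firewall rule (assumed structure, not a real vendor format)."""
    action: str                  # "allow" or "deny"
    proto: str                   # "udp", "tcp", "esp" or "any"
    port: Optional[int] = None   # None = any port (ESP has no ports at all)

    def matches(self, proto: str, port: Optional[int]) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if self.port is not None and self.port != port:
            return False
        return True


def first_match_action(rules: List[Rule], proto: str, port: Optional[int],
                       default: str = "deny") -> str:
    """First-match evaluation, as most firewalls do; implicit default deny."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return default


def ikev2_blocked_components(rules: List[Rule]) -> List[str]:
    """Names of the IKEv2 traffic types this ruleset would not allow through."""
    return [name for name, proto, port in IKEV2_REQUIREMENTS
            if first_match_action(rules, proto, port) != "allow"]


# Constructed sample rulesets (not from the article).
GOOD_RULES = [Rule("allow", "udp", 500), Rule("allow", "udp", 4500), Rule("allow", "esp")]
# The "4500 is blocked" case: a broad UDP deny sits above the NAT-T allow.
NAT_T_BLOCKED = [Rule("allow", "udp", 500), Rule("deny", "udp"),
                 Rule("allow", "udp", 4500), Rule("allow", "esp")]

if __name__ == "__main__":
    for label, ruleset in (("good", GOOD_RULES), ("nat-t blocked", NAT_T_BLOCKED)):
        print(label, "->", ikev2_blocked_components(ruleset) or "all IKEv2 traffic allowed")
```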
Performance
IKEv2 is a very lightweight protocol and, as a result, typically has the least impact on performance, with little overhead.
It is less intensive on the CPU and is also very quick to connect and to re-establish the tunnel if the connection ever drops.
If you would like to get in touch with any further questions about this article or any other technical enquiry, please contact us on +44 (0) 1488 647 647
Author: Alex Claro – Solutions Architect Team Lead at Purdicom (CCNP, CWNA). To read this article and more by Alex on LinkedIn check here: https://www.linkedin.com/in/alex-claro/detail/recent-activity/posts/