It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Examples for TINA and IPsec Client-to-site VPNs

  • Last updated on

The VPN group policies are extremely flexible. See below for instructions on how to create VPN group policies using client certificate or pre-shared key authentication.

Client-to-site VPN using TINA or IPsec IKEv1 and Client Certificate Authentication

Client certificate authentication allows you to authenticate the client by validating the client certificate when the client logs in. You can include matching conditions that evaluate the certificate fields. By default, each user can have only one concurrent client-to-site VPN connection. An Advanced Remote Access subscription is required to enable concurrent client-to-site VPN sessions by the same user.

For more information, see Example - Client-to-Site TINA VPN with Client Certificate Authentication and Example - Client-to-Site IKEv1 IPsec VPN with Client Certificate Authentication.

Client-to-site VPN using IPsec IKEv1 and Pre-shared Keys

To let users access a client-to-site IPsec VPN without having to install X.509 certificates on their client devices, you can create an IPsec client-to-site VPN group policy using a preshared key (PSK). For users with mobile devices that are not managed by a mobile device management platform (MDM), using a PSK is more convenient than having to install client certificates for authentication.

For more information, see Example - Client-to-Site IKEv1 IPsec VPN with PSK .

Client-to-site VPN using IPsec IKEv2

Use an IPsec IKEv2 client-to-site VPN to let mobile workers connect securely to your firewall with a standard-compliant IKEv2 VPN client.

For more information, see Example - Client-to-Site IKEv2 IPsec VPN.