----------------------------------------------------------------------------
RV260/RV34X C2S IKEv2 VPN Server for Windows IKEv2 Native Clients using Certificate Authentication only
----------------------------------------------------------------------------

Configure the C2S server on RV34X/RV260 as below:

Note: For this IKEv2 VPN server using certificates, you won't need a RADIUS server.

Step-1: In the IPsec Profiles, configure the below IPsec algorithm profile used by the specified clients

    Name:     Ikve2_WindowsClients_Profile
    Version:  IKEv2
    Phase-1:  AES256-SHA1-GROUP2; Lifetime: 28800sec
    Phase-2:  ESP; AES256-SHA1; pfs=no; lifetime: 3600sec

    - Apply and do a permanent save too

Step-2: In the Basic Settings tab, add and configure a C2S VPN server as below:

    Enable:       Yes/Checked
    Tunnel Name:  Ikev2_WindowsClients_wCerts1
    Interface:    WAN1

    IKE Authentication Method: Certificate
        Local Certificate:
            - select the server device certificate
        Remote CA Certificate:
            - select the ROOT-CA certificate "xxx_CA" from the list, the same CA certificate that has signed the server certificate

    Local Identifier:
        - select ASN1DN
        - the server certificate's subject DN will be automatically populated/assigned
    Remote Identifier:
        - select ASN1DN
        - and keep the value empty. Do NOT enter any value

    Extended Authentication: DISABLE/UNCHECKED
        - Note: DO NOT ENABLE/SELECT EXTENDED AUTHENTICATION

    Pool Range for client LAN:
        Start IP: 10.31.1.100
        End IP:   10.31.1.150

Step-3: In the Advanced Settings tab

    IPsec Profile:    Ikve2_WindowsClients_Profile
    Remote Endpoint:  Dynamic IP
        - It should be Dynamic IP only, as multiple clients will be connecting to this server

    Local Group Setup
        Local IP Type: ANY

    Mode Configuration
        DNS/WINS/default domain/etc.: to be configured as per the user requirements

Step-4: Click on Apply and do a permanent save too

##################################################################
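
The client side of the profile above, as an added example (not part of the original guide and not Cisco's own procedure): a Windows native IKEv2 connection pinned to the same Phase-1/Phase-2 algorithms from Step-1 and using machine-certificate authentication, since Extended Authentication is disabled on the server. The connection name and server address are placeholders, and it is assumed that the client certificate issued by the CA selected in Step-2 is already installed in the local machine store.

```powershell
# Added example: Windows client matching the router profile from Step-1.
# Assumed values (not from the guide): connection name and server address.
$ConnName   = 'RV34X-IKEv2-Certs'   # hypothetical connection name
$ServerAddr = 'vpn.example.com'     # placeholder for the router's WAN1 address/FQDN

# List machine certificates so the issuer can be compared with the CA
# chosen as "Remote CA Certificate" on the router.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Issuer, NotAfter, Thumbprint

# IKEv2 tunnel, machine certificate only (no EAP/extended authentication).
$conn = @{
    Name                 = $ConnName
    ServerAddress        = $ServerAddr
    TunnelType           = 'Ikev2'
    AuthenticationMethod = 'MachineCertificate'
    EncryptionLevel      = 'Required'
    AllUserConnection    = $true
}
Add-VpnConnection @conn

# Pin the proposal to the values configured in the router's IPsec profile.
$ipsec = @{
    ConnectionName                   = $ConnName
    AllUserConnection                = $true
    EncryptionMethod                 = 'AES256'   # Phase-1 cipher
    IntegrityCheckMethod             = 'SHA1'     # Phase-1 integrity
    DHGroup                          = 'Group2'   # Phase-1 DH group
    CipherTransformConstants         = 'AES256'   # Phase-2 ESP cipher
    AuthenticationTransformConstants = 'SHA196'   # Phase-2 ESP integrity (HMAC-SHA1-96)
    PfsGroup                         = 'None'     # pfs=no
    Force                            = $true
}
Set-VpnConnectionIPsecConfiguration @ipsec

# Show the custom policy now attached to the connection.
(Get-VpnConnection -Name $ConnName -AllUserConnection).IPSecCustomPolicy
```

Run it from an elevated PowerShell session. If the profile on the router is changed later, the same values must be changed here, because a custom IPsec policy makes the client offer only this one proposal.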