Configuring An IKEv2 IPsec Connection From Windows 10 To Arista NG Firewall


You can connect Windows 10 devices to NG Firewall using IPsec VPN with IKEv2. This type of connection can use full tunnel so that all Internet traffic routes through the VPN tunnel.


Before you can set up IPsec tunnels from Windows 10, you must properly configure NG Firewall with a fully qualified Internet hostname and matching certificates.

IMPORTANT: See Configuring NG Firewall For IPsec Tunnels for step-by-step instructions before continuing with the steps below.

Install the certificate

Note: If you use a signed SSL certificate from a trusted certificate authority, this step is not necessary.

To install the certificate on the Windows 10 device:

  1. Open a browser on the Windows 10 device and navigate to https://your_firewall_host/cert
  2. The browser downloads the certificate file. Locate this file in your downloads folder.
  3. Then, open the downloaded certificate file.


  1. Click “Install Certificate…”

  2. Select “Local Machine” and click Next.

  3. Select “Place all certificates in the following store” and click “Browse…”

  4. Select “Trusted Root Certification Authorities”, click OK, then click “Next”.

  5. Click “Finish”.

  6. Click “OK” on both windows.


Set up a VPN connection:

  1. Open the Windows Start Menu and start typing “control panel”. Click on the Control Panel in the results.

  2. Open Network and Internet.

  3. Click on Network and Sharing Center.

  4. Click Set up a new connection or network.

  5. Click Connect to a workplace and click Next.

  6. If you are asked “Do you want to use a connection that you already have?”, select “No, create a new connection” and click Next.

  7. Click Use my Internet connection (VPN).

  8. Internet address is the hostname of your server, the same as the name on your certificate.

  9. Destination name is your custom VPN connection name.

  10. Open Network and Sharing Center again and click Change adapter settings.

  11. Right-click the adapter with the name you created, then click Properties. Select the Security tab.

  12. Enter the following:
    • Type of VPN: IKEv2
    • Data encryption: Require encryption (disconnect if server declines)
    • Authentication: Use Extensible Authentication Protocol (EAP) and EAP-MSCHAPv2
    Click OK.

  13. Click the Networking tab.
  14. Choose Internet Protocol Version 4 (TCP/IPv4) and open its Properties.
  15. Click the Advanced button.
  16. Enable Use default gateway on remote network to force Internet traffic via the tunnel.
  17. Click OK.

Connecting the VPN:

  1. Move the cursor to the right corner of your screen, click the Network icon, click the connection name that you created, then click Connect.

  2. In the Sign in dialog, enter your credentials.
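
The certificate install and VPN setup steps above can also be scripted. The following PowerShell is an added example, not part of the original article or Arista's documentation; it checks the downloaded certificate's SHA-256 fingerprint before placing it in the Trusted Root store and then creates the connection with the same settings. The hostname, connection name, file path and fingerprint are placeholders to replace.

```powershell
# Added example: run in an elevated Windows PowerShell session on the Windows 10 device.
# Every value in this block is a placeholder to replace (assumption, not from the article).
$ServerName     = 'vpn.example.com'       # firewall hostname; must match the name on its certificate
$VpnName        = 'NG Firewall IKEv2'     # the "Destination name" of the connection
$CertPath       = "$env:USERPROFILE\Downloads\firewall-cert.crt"  # file saved from https://<host>/cert
$ExpectedSha256 = 'PASTE-FINGERPRINT-OBTAINED-OUT-OF-BAND'        # e.g. read from the firewall admin

# 1. Compute the SHA-256 fingerprint of the downloaded certificate before trusting it.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = ([System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData))) -replace '-', ''
$wanted = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpper()

# Fail closed: an unset placeholder or any mismatch stops before the trust store is touched.
if ($wanted.Length -ne 64 -or $actual -ne $wanted) {
    throw "Fingerprint mismatch for '$($cert.Subject)': got $actual. Certificate NOT installed."
}

# 2. Install into Local Machine > Trusted Root Certification Authorities (same store as the wizard).
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Create the connection with the Security tab settings from the article.
$eap = New-EapConfiguration      # with no parameters this builds an EAP-MSCHAPv2 configuration
Add-VpnConnection -Name $VpnName -ServerAddress $ServerName `
    -TunnelType Ikev2 -EncryptionLevel Required `
    -AuthenticationMethod Eap -EapConfigXmlStream $eap.EapConfigXmlStream `
    -SplitTunneling:$false       # split tunneling off = "Use default gateway on remote network"

# 4. Read the settings back to confirm the tunnel type, encryption level and full-tunnel routing.
Get-VpnConnection -Name $VpnName |
    Format-List Name, ServerAddress, TunnelType, EncryptionLevel, AuthenticationMethod, SplitTunneling
```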



