Configuring an IKEv2 IPsec connection from iOS to Arista NG Firewall


You can connect iOS devices to NG Firewall using IPsec VPN. This type  of connection can use full tunnel so that all Internet traffic routes through the VPN tunnel.


Before you can set up IPsec tunnels from iOS based devices, you must properly configure NG Firewall with a fully qualified Internet hostname and matching certificates.

IMPORTANT: See Configuring NG Firewall For IPsec Tunnels for step by step instructions before continuing with the steps below.

Install the certificate in iOS

Note: If you use a signed SSL certificate from a trusted certificate authority, this step is not necessary.

To install the certificate on the iOS device:

  1. Open a browser on the iOS device and navigate to http://your_firewall_host/cert
  2. When prompted about the profile, choose allow.
  3. Open the Settings app and tap the new profile at the top of the menu.
  4. Tap install.
  5. Once the profile installs, click Done.

Configure the VPN connection

  1. On the iOS device, go to Settings > General > VPN.
  2. Click Add VPN Configuration.
  3. Choose IKEv2.
  4. Give a description to your VPN connection.
  5. In the Server and Remote ID, enter the fully qualified hostname of your NG Firewall.
  6. The Local ID remains empty.
  7. For Authentication, choose Username and enter the credentials of a user in the local directory or Directory Connector app.
  8. Click Done
Was this article helpful?
1 out of 4 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Powered by Zendesk