I've been configuring IKEv2 to work with our Win10 and Win7 clients. This is my first time dealing with an IKE implementation, and I was wondering about the certificates for machine authentication. Should the client certificate CN contain the full FQDN (MyVPN.MyDomain.com) of the VPN appliance, or just the hostname (MyVPN)?
As for the internal and external port certificates - do these need to match the certificate that I want to use on the clients?
I have the CA for client and server installed on both my clients and my PCS; however, the clients are still coming up with "Authentication creds are unacceptable".
I do not know if the user/client/machine certificate needs to have the VPN name configured.
Yes, the certificate(s) hosted on the NIC should have the proper name that matches the IKEv2 configuration on the client.
What does the rest of your IKEv2 configuration look like?
What does your user access log report?