We are having the same problem. I have also asked our Juniper rep for the clients that have been tested. Please post if you get a response from Juniper.
I'm also looking at this new feature but can't get the gateway to log any messages or send any reply packets to the client. Anybpody had any luck getting this working yet?
I've just tried this with the WIndows 7 Agile VPN and get the same error as mentioned previously: "error 13843:invalid payload received". Have you seen this and do you know the reason for it?
I have so many questions about how this feature works and what with, but no clue from the admin guide.
If I have multiple realms / sign-in policies configured, how does the IKEv2 feature know which realm to go against or this there some unwritten feature that it has to be the "Users" realm?
I succeeded to use IKEv2 with strongswan on linux. I didn't try with another client.
But here is the steps I followed :
- Create a CA certificate and a client certificate and key.
- Put on the SSLVPN box the CA certificate in the section configuration -> certificate -> Trusted client certificate
- I created a new authentication server as a certificate server.
- I created a new Realm using this server for authentication and selecting a role based on userAgent (IKEv2) or the username.
- I check IKEv2 in the role used for these users
- I choose the new-created realm in configuration -> IKEv2.
But if anyone succeeded to authenticate the user with username/password, I'm interested...