Globalprotect Mobile - no cert found

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Globalprotect Mobile - no cert found

L3 Networker

I've seen post like Re: IOS Global Protect APP - Required Client Certificate is not found but the fix was to manually import certificate to phone..How do I make my GP on droid to auto-download cert and connect ? I have same problem on Windows PC , manual cert import make the client working

gp mobile2.jpg

1 accepted solution

Accepted Solutions

Other alternative is to configure a pre-shared secret based authentication method. Either way you will need to use some kind of authentication method.

Same document, please refer to page 8-9

Configuring a Pre-Shared Secret on the GlobalProtect Gateway

1. On the GlobalProtect Gateway, navigate to Network > GlobalProtect > Gateways and create a new Gateway configuration or modify an existing Gateway.

2. From the General tab, enable Tunnel Mode and then select Enable IPSec and Enable X-Auth Support.

3. Enter a Group Name.

4. Enter and confirm the Group Password.

5. Click Ok and then commit the configuration.

Configuring a Pre-Shared Secret on the Android Device

1. On the Android device, open Settings > Wireless and networks > More > VPN.

2. Click Add VPN network.

3. Enter a descriptive name for the profile in the Name field.

4. In the Type drop-down, select IPSec Xauth PSK as the type.

5. In the Server address field, enter the address of the GlobalProtect Gateway.

6. Enter the group name configured previously in the IPSec identifier field.

7. Enter the group password in the IPsec pre-shared key field.

8. Save the configuration.

9. To establish a VPN, go to Settings > Wireless and networks > VPN and select the new VPN profile.

10. Click Connect and you will be prompted for your username and password. Once authenticated, the VPN will be

established.

View solution in original post

3 REPLIES 3

L2 Linker

Hello Niuk,

For certificate based auth using droid phone, you must manually export and import the certificates.

Please refer to this document GlobalProtect Configuration for the IPSec Client on Android Devices Page 5

Hope this helps.

What is my option if i don't want certificate based authentication , how do I setup whole thing  so phone doesn't need certificate (credentials only)?

Other alternative is to configure a pre-shared secret based authentication method. Either way you will need to use some kind of authentication method.

Same document, please refer to page 8-9

Configuring a Pre-Shared Secret on the GlobalProtect Gateway

1. On the GlobalProtect Gateway, navigate to Network > GlobalProtect > Gateways and create a new Gateway configuration or modify an existing Gateway.

2. From the General tab, enable Tunnel Mode and then select Enable IPSec and Enable X-Auth Support.

3. Enter a Group Name.

4. Enter and confirm the Group Password.

5. Click Ok and then commit the configuration.

Configuring a Pre-Shared Secret on the Android Device

1. On the Android device, open Settings > Wireless and networks > More > VPN.

2. Click Add VPN network.

3. Enter a descriptive name for the profile in the Name field.

4. In the Type drop-down, select IPSec Xauth PSK as the type.

5. In the Server address field, enter the address of the GlobalProtect Gateway.

6. Enter the group name configured previously in the IPSec identifier field.

7. Enter the group password in the IPsec pre-shared key field.

8. Save the configuration.

9. To establish a VPN, go to Settings > Wireless and networks > VPN and select the new VPN profile.

10. Click Connect and you will be prompted for your username and password. Once authenticated, the VPN will be

established.

  • 1 accepted solution
  • 4259 Views
  • 3 replies
  • 0 Likes
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!