
IPsec Remote Access profiles for different use cases

We have the following challenge:

On our XGS, we've set up IPsec remote access via Connect Client for our laptop users. This is working quite well. We use Azure MFA for authentication and are able to limit each user's access rights by user-based firewall rules.

But now we have a requirement that some iOS devices need to connect via IPsec as well. As the XGS only supports one IPsec remote access profile, that doesn't seem to be possible. The requirements for the iOS devices are as follows:

- No third-party apps to initiate the tunnel, so only the native iOS VPN function can be used

- Authentication credentials saved on the device, so the user doesn't have to enter them each time

- No 2FA

- iOS users must be able to establish the tunnel by simply turning it on, without providing any credentials or something.

According to the official setup guide for iOS VPN connections to a Sophos XG, there are some limitations, such as that the Local ID must be empty. However, we can't change that in our IPsec configuration, as we need to have that for our laptop users.

Is there any way to have multiple IPsec remote access profiles for different use cases? Is there any other solution we may have overlooked, which could solve our problem?


