I need some guidance on this...
I have R80.10 management and some of my gateways are still on R77.30 so I can't use the Access Roles in the source and still use the Remote Access VPN group. So on these sites, I would like to use the Legacy User (LDAP User) in the source but my rules aren't matching after connecting to VPN; please see another recent user post on this subject to view my setup there. This got me to thinking and to my questions:
- Is the Remote Access VPN encrypted from the end point client to the gateway even if I don't have the Remote Access VPN community set? Remember above that I can't get my LDAP group to match the user.
- If this is the case, to get down to the level of user auth to the destination with an R77.30 gateway, would it be recommended to use the Access Roles in the source and NOT use the Remote Access VPN community?
In the future we are planning to upgrade everything to R80.XX but we are having troubles with getting the granularity we need on the VPN. Also, we do have Identity Awareness enabled and working as well.