ICR-1601
[IPSec]-[Tunnel Configuration]
[IPSec]-[Local & Remote Configuration]
IKE+X.509; Local Certificate: BranchCRT; Remote Certificate: HQCRT
Scenario Operation Procedure
In the above diagram, "Gateway 1" is the gateway of Network-A in the headquarters, and the subnet of its
Intranet is 10.0.76.0/24. It has the IP address 10.0.76.2 for its LAN interface and 203.95.80.22 for its
WAN-1 interface. "Gateway 2" is the gateway of Network-B in the branch office, and the subnet of its
Intranet is 10.0.75.0/24. It has the IP address 10.0.75.2 for its LAN interface and 118.18.81.33 for its
WAN-1 interface. They both serve as NAT security gateways.
Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the
certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client Certificate
List" of Gateway 2.
Gateway 2 generates a Certificate Signing Request (BranchCSR) for its own certificate (BranchCRT).
(Generate a certificate that is not self-signed on Gateway 2, click the "View" button for that
CSR, and download it.) Have the CSR signed by the root CA of Gateway 1 to obtain the BranchCRT
certificate (you need to rename it). Import the certificate into the "Trusted Client Certificate List" of
Gateway 1 and the "Local Certificate List" of Gateway 2.
Gateway 2 can then establish an IPSec VPN tunnel to Gateway 1, using the "Site to Site" scenario with
the IKE and X.509 protocols.
Finally, the client hosts in the two subnets, 10.0.75.0/24 and 10.0.76.0/24, can communicate with each
other.
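
The certificate chain from the procedure above can be rebuilt with OpenSSL and checked before anything is imported. This is an added example, not part of the manual and not the router's own tooling. File names and subject names are constructed, and it assumes that "signed by itself" means HQCRT is signed by Gateway 1's own root CA.

```shell
#!/bin/sh
# Added example, not vendor code. File and subject names are constructed.
# On the gateways these steps are done in the web UI.
check_x509_chain() {
    work=$(mktemp -d) || return 1
    rc=0
    (
        cd "$work" || exit 1
        # Minimal config so the root certificate is explicitly marked as a CA.
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = HQ Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
        # Gateway 1: root CA, then the local certificate HQCRT signed by it.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config ca.cnf \
            -keyout rootCA.key -out rootCA.crt 2>/dev/null || exit 1
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=HQCRT" \
            -keyout hq.key -out hq.csr 2>/dev/null || exit 1
        openssl x509 -req -in hq.csr -CA rootCA.crt -CAkey rootCA.key \
            -set_serial 1 -days 365 -out HQCRT.crt 2>/dev/null || exit 1
        # Gateway 2: key pair and BranchCSR; the private key stays on Gateway 2.
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=BranchCRT" \
            -keyout branch.key -out BranchCSR.csr 2>/dev/null || exit 1
        # Gateway 1's root CA signs the CSR, producing BranchCRT.
        openssl x509 -req -in BranchCSR.csr -CA rootCA.crt -CAkey rootCA.key \
            -set_serial 2 -days 365 -out BranchCRT.crt 2>/dev/null || exit 1
        # Check 1: both certificates chain to the root CA each peer will trust.
        openssl verify -CAfile rootCA.crt HQCRT.crt BranchCRT.crt >/dev/null || exit 1
        # Check 2: BranchCRT carries the same public key as BranchCSR.
        [ "$(openssl x509 -in BranchCRT.crt -noout -pubkey)" = \
          "$(openssl req -in BranchCSR.csr -noout -pubkey -config ca.cnf)" ] || exit 1
        # Check 3: a certificate with the same name but not signed by the root CA fails.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
            -subj "/CN=BranchCRT" -keyout other.key -out other.crt 2>/dev/null || exit 1
        if openssl verify -CAfile rootCA.crt other.crt >/dev/null 2>&1; then exit 1; fi
    ) || rc=$?
    rm -rf "$work"
    return $rc
}
```

The function returns 0 only when all three checks pass. Check 2 confirms that the certificate returned by the CA belongs to the key pair generated on Gateway 2.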