ICR-1601
122
Self-signed Certificate Usage Scenario
Scenario Application Timing (same as the one described in "My Certificate" section)
When the enterprise router owns the root CA and VPN tunneling function, it can generate its own local
certificates by being signed by itself. Also imports the trusted certificates for other CAs and Clients.
These certificates can be used for two remote peers to make sure their identity during establishing
a VPN tunnel.
Scenario Description (same as the one described in "My Certificate" section)
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted
certificate (BranchCRT) –a BranchCSR certificate of Gateway 2 signed by root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be the BranchCRT
certificate. Import the certificate into the Gateway 2 as a local certificate. In addition, also imports the
certificates of the root CA of Gateway 1 into the Gateway 2 as the trusted ones. (Please also refer to
"My Certificate" and "Issue Certificate" sections).
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer, so that all client
hosts in these both subnets can communicate with each other.
Parameter Setup Example (same as the one described in "My Certificate" section)
For Network-A at HQ
Following tables list the parameter configuration as an example for the "Trusted Certificate" function
used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram.
The configuration example must be combined with the ones in "My Certificate" and "Issue Certificate"
sections to complete the setup for the whole user scenario.
[Trusted Certificate]-[Trusted Client Certificate List]
[Trusted Certificate]-[Trusted Client Certificate Import from a File]
To Next Page
Loading...
