ICR-1601
For Network-B at Branch Office
The following tables list example parameter configurations for the "Trusted Certificate" function
used for user authentication when establishing an IPSec VPN tunnel, as shown in the diagram above.
This configuration example must be combined with the ones in the "My Certificate" and "Issued Certificate"
sections to complete the setup for the whole user scenario.
[Trusted Certificate]-[Trusted CA Certificate List]
[Trusted Certificate]-[Trusted CA Certificate Import from a File]
[Trusted Certificate]-[Trusted Client Certificate List]
[Trusted Certificate]-[Trusted Client Certificate Import from a File]
Scenario Operation Procedure (same as the one described in the "My Certificate" section)
In the diagram above, "Gateway 1" is the gateway of Network-A at headquarters, and its Intranet
subnet is 10.0.76.0/24. Its LAN interface has the IP address 10.0.76.2 and its WAN-1 interface
has 203.95.80.22. "Gateway 2" is the gateway of Network-B at the branch office, and its Intranet
subnet is 10.0.75.0/24. Its LAN interface has the IP address 10.0.75.2 and its WAN-1 interface
has 118.18.81.33. Both serve as NAT security gateways.
On Gateway 2, import the root CA certificate and the HQCRT certificate, both generated and signed by
Gateway 1, into Gateway 2's "Trusted CA Certificate List" and "Trusted Client Certificate List", respectively.
Import the obtained BranchCRT certificate (the certificate derived from BranchCSR once Gateway 1's root CA
has signed it) into the "Trusted Client Certificate List" of Gateway 1 and the "Local Certificate List" of
Gateway 2. For more details, refer to the Network-B operation procedure in the "My Certificate" section
of this manual.
Gateway 2 can then establish an IPSec VPN tunnel to Gateway 1 using the "Site to Site" scenario with the
IKE and X.509 protocols.
Finally, the client hosts in the two subnets, 10.0.75.0/24 and 10.0.76.0/24, can communicate with each
other.
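The certificate relationships in the procedure above can be rebuilt and checked offline with OpenSSL before anything is imported into a gateway. The script below is an added example, not part of the manual or the device firmware. It assumes the openssl command-line tool is installed; all file names, subject names and the "foreign" certificate are constructed for illustration.

```shell
# Constructed lab copy of this scenario's certificates. File and subject names
# are assumptions; nothing here is exported from or sent to the gateways.
set -eu

make_ca() {        # $1 = file prefix, $2 = CN; self-signed root (Gateway 1's role)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {     # $1 = CA prefix, $2 = subject prefix, $3 = CN
  # The requesting side creates a key and CSR (BranchCSR in the manual's terms).
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=$3" -keyout "$2.key" -out "$2.csr" 2>/dev/null
  # The CA's signature over the CSR yields the certificate (BranchCRT).
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

chains_to() {      # $1 = CA certificate, $2 = certificate to check; 0 = trusted
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

build_lab() {      # $1 = empty working directory
  cd "$1"
  make_ca rootCA "Gateway1 Root CA"
  issue_cert rootCA HQCRT "HQ Gateway 1"
  issue_cert rootCA BranchCRT "Branch Gateway 2"
  make_ca otherCA "Unrelated CA"
  issue_cert otherCA foreign "Branch Gateway 2"   # same CN, different issuer
}

build_lab "$(mktemp -d)"
for c in HQCRT BranchCRT foreign; do
  if chains_to rootCA.crt "$c.crt"; then
    echo "$c: signed by rootCA, safe to import"
  else
    echo "$c: not signed by rootCA, do not import"
  fi
done
```

The "foreign" certificate carries the same subject name as BranchCRT but fails the check, which shows that trust rests on the root CA's signature rather than on the name in the certificate.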