Scenario Operation Procedure
In the above diagram, "Gateway 1" is the gateway of Network-A in headquarters and the subnet of
its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN interface and 203.95.80.22 for
WAN-1 interface. "Gateway 2" is the gateway of Network-B in branch office and the subnet of its
Intranet is 10.0.75.0/24. It has the IP address of 10.0.75.2 for LAN interface and 118.18.81.33 for
WAN-1 interface. They both serve as the NAT security gateways.
Gateway 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. It imports
the certificates of the root CA and HQCRT into the "Trusted CA Certificate List" and "Trusted Client
Certificate List" of Gateway 2.
Gateway 2 generates a Certificate Signing Request (BranchCSR) for its own certificate (BranchCRT)
(Please generate one not self-signed certificate in the Gateway 2, and click on the "View" button for
that CSR. Just download it.). Take the CSR to be signed by the root CA of Gateway 1 and obtain the
BranchCRT certificate (you need rename it). Import the certificate into the "Trusted Client
Certificate List" of the Gateway 1 and the "Local Certificate List" of Gateway 2.
Gateway 2 can establish an IPsec VPN tunnel with "Site to Site" scenario and IKE and X.509
protocols to Gateway 1.
Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can communicate with each
other.