Configuration Path: [IPSec]-[Local & Remote Configuration]
Local Subnet: 10.0.75.0
Local Netmask: 255.255.255.0
Full Tunnel: Disable
Remote Subnet: 10.0.76.0
Remote Netmask: 255.255.255.0
Remote Gateway: 203.95.80.22
Configuration Path: [IPSec]-[Authentication]
Key Management: IKE+X.509 (Local Certificate: BranchCRT; Remote Certificate: NTCCRT)
Local ID: User Name, Network-B
Remote ID: User Name, Network-A
Configuration Path: [IPSec]-[IKE Phase]
Negotiation Mode: Main Mode
X-Auth: None
Scenario Operation Procedure
In the diagram above, "Router 1" is the gateway of Network-A at headquarters, and the subnet of its Intranet is 10.0.76.0/24. It has the IP address 10.0.76.2 on its LAN interface and 203.95.80.22 on its WAN-1 interface. "Router 2" is the gateway of Network-B in the branch office, and the subnet of its Intranet is 10.0.75.0/24. It has the IP address 10.0.75.2 on its LAN interface and 118.18.81.33 on its WAN-1 interface. Both serve as NAT security gateways.
Router 1 generates the root CA and a local certificate (NTCCRT) that it signs itself. Import the certificates of the root CA and NTCCRT into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Router 2.
Router 2 generates a Certificate Signing Request (BranchCSR) for its own certificate (BranchCRT). (Generate a certificate on Router 2 that is not self-signed, then click the "View" button for that CSR.) Have the CSR signed by the root CA of Router 1 to obtain the BranchCRT certificate (you must rename it). Import the certificate into the "Trusted Client Certificate List" of Router 1 and the "Local Certificate List" of Router 2.
Router 2 can then establish an IPSec VPN tunnel to Router 1 using the "Site to Site" scenario with the IKE and X.509 protocols.
The client hosts in the two subnets 10.0.75.0/24 and 10.0.76.0/24 can then communicate with each other.
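A site-to-site tunnel only comes up when each router's "remote" settings match the peer's "local" settings. The following Python check is an added example, not part of the original manual or the router firmware, and compares the two definitions before they are entered. The Router 2 values are taken from the tables above; the Router 1 values, the dictionary keys and the function names are assumptions constructed from the scenario text.

```python
import ipaddress

# Router 2 values come from the tables above. Router 1 values are constructed
# as their mirror image from the scenario text (an assumption). Certificate
# names are per-device labels; both routers are assumed to use the same names.
ROUTER2 = {
    "wan_ip": "118.18.81.33", "remote_gateway": "203.95.80.22",
    "local_subnet": "10.0.75.0", "local_netmask": "255.255.255.0",
    "remote_subnet": "10.0.76.0", "remote_netmask": "255.255.255.0",
    "local_cert": "BranchCRT", "remote_cert": "NTCCRT",
    "local_id": "Network-B", "remote_id": "Network-A",
    "negotiation_mode": "Main Mode",
}
ROUTER1 = {
    "wan_ip": "203.95.80.22", "remote_gateway": "118.18.81.33",
    "local_subnet": "10.0.76.0", "local_netmask": "255.255.255.0",
    "remote_subnet": "10.0.75.0", "remote_netmask": "255.255.255.0",
    "local_cert": "NTCCRT", "remote_cert": "BranchCRT",
    "local_id": "Network-A", "remote_id": "Network-B",
    "negotiation_mode": "Main Mode",
}

def net(cfg, side):
    """Subnet + netmask as a network; ValueError if the pair has host bits set."""
    return ipaddress.ip_network(f"{cfg[side + '_subnet']}/{cfg[side + '_netmask']}")

def one_way(name, me, peer):
    """List the places where `me`'s view of the tunnel disagrees with `peer`."""
    issues = []
    if net(me, "remote") != net(peer, "local"):
        issues.append(f"{name}: remote subnet {net(me, 'remote')} != peer local {net(peer, 'local')}")
    if net(me, "local").overlaps(net(me, "remote")):
        issues.append(f"{name}: local and remote subnets overlap")
    if me["remote_gateway"] != peer["wan_ip"]:
        issues.append(f"{name}: remote gateway is not the peer WAN address")
    if me["remote_id"] != peer["local_id"]:
        issues.append(f"{name}: remote ID does not match peer local ID")
    if me["remote_cert"] != peer["local_cert"]:
        issues.append(f"{name}: remote certificate does not match peer local certificate")
    if me["negotiation_mode"] != peer["negotiation_mode"]:
        issues.append(f"{name}: negotiation mode differs")
    return issues

def check_pair(r1, r2):
    """Check the tunnel definition in both directions."""
    return one_way("Router 1", r1, r2) + one_way("Router 2", r2, r1)

if __name__ == "__main__":
    print(check_pair(ROUTER1, ROUTER2) or "tunnel definitions mirror each other")
```

An empty list means the two definitions mirror each other. A subnet/netmask pair that does not describe a network boundary raises ValueError instead of being silently accepted.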
4.5.3 Local Certificate
Navigate to the Object Definition > Certificate > My Certificate tab.