HOW TO: IPSec VPN - Authentication by certificate
You want to securely link the various sites of your company, which are currently connected over the
Internet. To do so, you need to create a site-to-site IPSec VPN in a star (hub-and-spoke) configuration.
The authentication method shown in this tutorial is based on certificate verification (authentication by
pre-shared key can also be set up).
This document describes the configuration to create so that client workstations on two remote sites
can reach an intranet server on the main site over HTTP through this tunnel.
Needless to say, this architecture is not restricted to just three sites.
The certificate authority will be hosted by one of the three IPSec gateways involved: the IPS-Firewall
of the main site.
Implementation
The purpose of this chapter is to describe the configuration needed on the various IPS-Firewalls
participating in the IPSec VPN:
- Creation of network objects,
- Creation of the PKI infrastructure:
  - Certificate authority (CA),
  - Certificate revocation list (CRL),
  - IPS-Firewall certificates,
- Creation of IPSec tunnels,
- Setup of filter rules.
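The PKI steps in that list (CA, gateway certificates, CRL), carried out with OpenSSL as an added example. This is not Stormshield's own tooling and not the IPS-Firewall configuration interface the rest of the chapter uses; the organisation name, the gateway host names and the choice of one DNS name per gateway as its certificate identity are assumptions made for the example. The script creates the CA held by the main-site gateway, issues one certificate per gateway, publishes a CRL, then revokes one gateway's certificate and shows that a peer validating against the current CRL rejects it while the others are still accepted.

```shell
#!/bin/sh
# Added example (not Stormshield's tooling): build the PKI the chapter lists
# with OpenSSL and check gateway certificates against the CRL.
# Organisation, site names and host names are assumptions for the example.
set -e

WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# Minimal "openssl ca" configuration: database, serial and CRL state files.
cat > ca.cnf <<'EOF'
[ ca ]
default_ca       = ipsec_ca
[ ipsec_ca ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
serial           = $dir/serial
crlnumber        = $dir/crlnumber
default_md       = sha256
default_crl_days = 30
policy           = gw_policy
[ gw_policy ]
organizationName = optional
commonName       = supplied
EOF

# 1. Certificate authority: self-signed root, held by the main-site gateway.
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -sha256 \
  -subj "/O=Example Corp/CN=Example IPsec CA" \
  -keyout ca.key -out ca.crt 2>/dev/null
touch index.txt
echo 01 > serial
echo 01 > crlnumber

# 2. One certificate per IPSec gateway, signed by the CA. The SAN is the
#    identity the peer will present; it must match what the tunnel expects.
issue_gateway_cert() {       # issue_gateway_cert <site> <fqdn>
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/O=Example Corp/CN=$2" \
    -keyout "gw-$1.key" -out "gw-$1.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth,clientAuth\nsubjectAltName=DNS:%s\n' "$2" > "gw-$1.ext"
  openssl ca -batch -config ca.cnf -days 365 -notext \
    -extfile "gw-$1.ext" -in "gw-$1.csr" -out "gw-$1.crt" 2>/dev/null
}
issue_gateway_cert main  fw-main.example.com
issue_gateway_cert siteA fw-sitea.example.com
issue_gateway_cert siteB fw-siteb.example.com

# 3. Certificate revocation list, (re)published by the CA.
publish_crl() { openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null; }
publish_crl

# What a peer gateway must do before accepting a certificate: chain it to
# the CA *and* check it against the current CRL. Returns 0 if accepted.
verify_gateway() {           # verify_gateway <cert>
  openssl verify -CAfile ca.crt -crl_check -CRLfile ca.crl "$1" >/dev/null 2>&1
}

# Site B's gateway key is assumed compromised: revoke it and reissue the CRL.
openssl ca -config ca.cnf -revoke gw-siteB.crt 2>/dev/null
publish_crl

status() { verify_gateway "$1" && echo accepted || echo rejected; }
SITE_A=$(status gw-siteA.crt)   # accepted
SITE_B=$(status gw-siteB.crt)   # rejected: serial is on the CRL
echo "siteA: $SITE_A, siteB: $SITE_B"
```

Run it in an empty directory (by default it creates one with mktemp). The last step is the point of the CRL item in the list: revocation only protects peers that actually validate against the current CRL; a gateway that checks the chain without a revocation check would still accept gw-siteB.crt until it expires.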
Page 404/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3