Siemens SINAUT MD741-1 System Manual page 71

Simatic net egprs/gprs-router

The CA creates a certificate file (PKCS12) with the file extension *.p12 for each of
the two remote stations. This certificate file contains the public and private keys of
the station itself, the signed certificate from the CA, and the public key of the CA.
For the X.509 authentication method there is additionally a key file (*.pem, *.cer or
*.crt) for each of the two remote stations containing the station's own public key.
X.509 certificate
The exchange of the public keys (files with extension *.pem, *.cer or *.crt) between
the SINAUT MD741-1 and the remote station's VPN gateway takes place
manually, for example on a CD-ROM or via e-mail. To load the certificate, proceed
as described in Chapter 7.3.
CA certificate
The public keys are exchanged between the SINAUT MD741-1 and the remote
station's VPN gateway via the data connection when the VPN connection is
established. Manual exchange of the key files is not necessary.
Pre-shared secret key (PSK)
This method is primarily supported by older IPsec implementations. Here
authentication is performed with a character string agreed on beforehand. In order
to obtain high security, the character string should consist of about 30 randomly
selected lower-case and upper-case letters and numerals.
Remote certificate
If you have selected X.509 certificate as the authentication method, then a list of
the remote certificates that you have already loaded into the SINAUT MD741-1 is
displayed here. Select the certificate for the VPN connection.
Remote ID, Local ID
The Local ID and the Remote ID are used by IPsec to identify the remote stations
uniquely when establishing the VPN connection. A station's own Local ID is the
Remote ID configured at the remote station, and vice versa.
For authentication with X.509 certificate or CA certificate:
If you keep the factory setting NONE, then the Distinguished Names from the
own certificate and from the certificate communicated by the remote station are
automatically used as the Local ID and Remote ID.
If you manually change the entry for the Local ID or the Remote ID, then the
corresponding entries must be adapted at the remote station. The manual entry
for Local or Remote ID must be made in the ASN.1 format, e.g. "C=XY/O=XY
Org/CN=xy.org.org"
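
The Local ID / Remote ID rules above can be checked before the settings are entered on both stations. The following Python code is an added example, not part of the Siemens manual or the device software; the station names, the sample IDs, the helpers `parse_id` and `check_pair`, and the parsing rules (slash-separated `ATTR=value` components, modelled on the manual's sample string) are assumptions.

```python
# Added example: checks the Local ID / Remote ID settings of two VPN stations
# against the rules in the manual text. Not Siemens code.
NONE = "NONE"  # factory setting: IDs are taken from the certificates' DNs


def parse_id(text):
    """Split 'C=XY/O=XY Org/CN=xy.org.org' into ordered (ATTR, value) pairs.

    Assumptions: '/' separates components, attribute names are alphabetic
    and compared case-insensitively, values are compared exactly.
    """
    pairs = []
    for part in text.split("/"):
        attr, sep, value = part.partition("=")
        if not sep or not attr.isalpha() or not value:
            raise ValueError(f"not an ATTR=value component: {part!r}")
        pairs.append((attr.upper(), value))
    return tuple(pairs)


def check_pair(a, b):
    """Return (code, local_station, remote_station) findings, both directions."""
    findings = []
    for near, far in ((a, b), (b, a)):
        local, remote = near["local_id"], far["remote_id"]
        if local == NONE and remote == NONE:
            continue  # both ends fall back to the certificate DNs
        if NONE in (local, remote):
            # one end was changed manually, the other end was not adapted
            findings.append(("NOT_ADAPTED", near["name"], far["name"]))
            continue
        try:
            if parse_id(local) != parse_id(remote):
                findings.append(("MISMATCH", near["name"], far["name"]))
        except ValueError:
            findings.append(("MALFORMED", near["name"], far["name"]))
    return findings


# Constructed sample settings (station names and IDs are made up).
ROUTER = {"name": "md741", "local_id": "C=XY/O=XY Org/CN=xy.org.org",
          "remote_id": NONE}
GATEWAY = {"name": "gateway", "local_id": NONE,
           "remote_id": "C=XY/O=XY Org/CN=xy.org.com"}  # typo in CN

if __name__ == "__main__":
    for code, near, far in check_pair(ROUTER, GATEWAY):
        print(f"{code}: Local ID of {near} vs Remote ID of {far}")
```

An empty result means every manually entered Local ID has a matching Remote ID at the other station, or both ends keep NONE.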
SINAUT MD741-1
C79000- G8976-C212
VPN connection
71
