M2M Cellular Gateway
Gateway 2 creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be
the BranchCRT certificate. Import the certificate into the Gateway 2 as a local certificate.
In addition, also import the certificates of the root CA of the Gateway 1 into the
Gateway 2 as the trusted ones. (Please also refer to following two sub‐sections)
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer,
so that all client hosts in these both subnets can communicate with each other.
Parameter Setup Example
For Network‐A at HQ
Following tables list the parameter configuration as an example for the "My
Certificates" function used in the user authentication of IPSec VPN tunnel establishing,
as shown in above diagram. The configuration example must be combined with the
ones in following two sections to complete the whole user scenario.
Use default value for those parameters that are not mentioned in the tables.
Configuration Path
Name
Key
Subject Name
Configuration Path
Name
Key
Subject Name
Configuration Path
IPSec
Configuration Path
Tunnel
Tunnel Name
Interface
Tunnel Scenario
Operation Mode
Index skipping is used to reserve slots for new function insertion, when required.
[My Certificates]‐[Root CA Certificate Configuration]
HQRootCA
Key Type: RSA Key Length: 1024‐bits
Country(C): TW State(ST): Taiwan Location(L): Tainan
Organization(O): AMITHQ Organization Unit(OU): HQRD
Common Name(CN): HQRootCA E‐mail: hqrootca@amit.com.tw
[My Certificates]‐[Local Certificate Configuration]
HQCRT Self‐signed: ■
Key Type: RSA Key Length: 1024‐bits
Country(C): TW State(ST): Taiwan Location(L): Tainan
Organization(O): AMITHQ Organization Unit(OU): HQRD
Common Name(CN): HQCRT E‐mail: hqcrt@amit.com.tw
[IPSec]‐[Configuration]
■ Enable
[IPSec]‐[Tunnel Configuration]
■ Enable
s2s‐101
WAN 1
Site to Site
Always on
281