M2M Cellular Gateway
Scenario Application Timing (same as the one described in the "My Certificates" section)
When the enterprise gateway owns the root CA and provides the VPN tunneling function,
it can generate its own local certificates, signed by itself. It can also import trusted
certificates for other CAs and clients. Two remote peers can use these certificates to
verify each other's identity while establishing a VPN tunnel.
Scenario Description (same as the one described in the "My Certificates" section)
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. It then
imports a trusted certificate (BranchCRT), which is the BranchCSR of Gateway 2 signed by
the root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) and has the root CA of Gateway 1 sign it to produce
the BranchCRT certificate, then imports that certificate into Gateway 2 as a local
certificate. In addition, it imports the certificates of the root CA of Gateway 1 into
Gateway 2 as trusted ones. (Please also refer to the "My Certificates" and "Issue
Certificates" sections.)
Establish an IPSec VPN tunnel using the IKE and X.509 protocols, starting from either
peer, so that all client hosts in both subnets can communicate with each other.
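The certificate roles in this scenario, reproduced with the openssl command line as an added example; it is not part of the manual and not the gateway's own procedure. Subject names, RSA-2048 keys, 365-day lifetimes and every file name other than the HQCRT/BranchCSR/BranchCRT stems are assumptions, and other.crt is a constructed certificate from an unrelated issuer, included to show a certificate that fails the chain check and should not be imported as trusted.

```shell
#!/bin/sh
# Added example: the scenario's certificate roles rebuilt with the openssl CLI.
# Subjects, key size, lifetimes and all file names except the HQCRT/BranchCSR/
# BranchCRT stems are assumptions, not gateway defaults.
set -eu

new_csr() {        # $1 = dir, $2 = name; the private key stays with the requester
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$2 Gateway" -keyout "$1/$2.key" -out "$1/${2}CSR.pem" 2>/dev/null
}
sign_csr() {       # $1 = dir, $2 = name; done on Gateway 1 with the root CA key
    openssl x509 -req -in "$1/${2}CSR.pem" -CA "$1/rootCA.crt" \
        -CAkey "$1/rootCA.key" -CAcreateserial -days 365 \
        -out "$1/${2}CRT.pem" 2>/dev/null
}
chains_to_root() { # $1 = dir, $2 = certificate file; status 0 if it verifies
    openssl verify -CAfile "$1/rootCA.crt" "$1/$2" >/dev/null 2>&1
}
build_pki() {      # $1 = empty working directory
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = HQ Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Gateway 1: self-signed root CA
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1/rootCA.key" -out "$1/rootCA.crt" 2>/dev/null
    # Gateway 1: local certificate HQCRT, signed by its own root CA
    new_csr "$1" HQ; sign_csr "$1" HQ
    # Gateway 2 creates BranchCSR; Gateway 1's root CA signs it into BranchCRT
    new_csr "$1" Branch; sign_csr "$1" Branch
    # Constructed negative case: a self-signed certificate from another issuer
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Unrelated CA" -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null
}

work=$(mktemp -d)
build_pki "$work"
for c in HQCRT.pem BranchCRT.pem other.crt; do
    if chains_to_root "$work" "$c"; then echo "$c: chains to the HQ root CA"
    else echo "$c: NOT signed by the HQ root CA, do not import as trusted"; fi
done
```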
Parameter Setup Example (same as the one described in the "My Certificates" section)
For Network‐A at HQ
The following tables list an example parameter configuration for the "Trusted
Certificates" function used for user authentication when establishing the IPSec VPN
tunnel, as shown in the diagram above. This configuration example must be combined with
those in the "My Certificates" and "Issue Certificates" sections to complete the setup
for the whole user scenario.
Configuration Path: [Trusted Certificates]‐[Trusted Client Certificate List]
Command Button: Import
Index skipping is used to reserve slots for new function insertion, when required.