M2M Cellular Gateway
Configuration Path
File
For Network‐B at Branch Office
Following tables list the parameter configuration as an example for the "Trusted
Certificates" function used in the user authentication of IPSec VPN tunnel establishing,
as shown in above diagram. The configuration example must be combined with the
ones in "My Certificates" and "Issue Certificates" sections to complete the setup for the
whole user scenario.
Configuration Path
Command Button
Configuration Path
File
Configuration Path
Command Button
Configuration Path
File
Scenario Operation Procedure (same as the one described in "My Certificates" section)
In above diagram, the "Gateway 1" is the gateway of Network‐A in headquarters and
the subnet of its Intranet is 10.0.76.0/24. It has the IP address of 10.0.76.2 for LAN
interface and 203.95.80.22 for WAN‐1 interface. The "Gateway 2" is the gateway of
Network‐B in branch office and the subnet of its Intranet is 10.0.75.0/24. It has the IP
address of 10.0.75.2 for LAN interface and 118.18.81.33 for WAN‐1 interface. They both
serve as the NAT security gateways.
In Gateway 2 import the certificates of the root CA and HQCRT that were generated and
signed by Gateway 1 into the "Trusted CA Certificate List" and "Trusted Client Certificate
List" of Gateway 2.
Import the obtained BranchCRT certificate (the derived BranchCSR certificate after
Gateway 1's root CA signature) into the "Trusted Client Certificate List" of the Gateway
1 and the "Local Certificate List" of the Gateway 2. For more details, refer to the
Network‐B operation procedure in "My Certificates" section of this manual.
Gateway 2 can establish an IPSec VPN tunnel with "Site to Site" scenario and IKE and
X.509 protocols to Gateway 1.
Finally, the client hosts in two subnets of 10.0.75.0/24 and 10.0.76.0/24 can
communicate with each other.
The Trusted Certificates setting allows user to import trusted certificate.
Trusted CA Certificate List
Index skipping is used to reserve slots for new function insertion, when required.
[Trusted Certificates]‐[Trusted Client Certificate Import from a File]
BranchCRT.crt
[Trusted Certificates]‐[Trusted CA Certificate List]
Import
[Trusted Certificates]‐[Trusted CA Certificate Import from a File]
HQRootCA.crt
[Trusted Certificates]‐[Trusted Client Certificate List]
Import
[Trusted Certificates]‐[Trusted Client Certificate Import from a File]
HQCRT.crt
289