Table of Contents
Advertisement
M2M Cellular Gateway
Self‐signed Certificate Usage Scenario
Scenario Application Timing (same as the one described in "My Certificates" section)
When the enterprise gateway owns the root CA and VPN tunneling function, it can
generate its own local certificates by being signed by itself. Also imports the trusted
certificates for other CAs and Clients. These certificates can be used for two remote
peers to make sure their identity during establishing a VPN tunnel.
Scenario Description (same as the one described in "My Certificates" section)
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Also
imports a trusted certificate (BranchCRT) –a BranchCSR certificate of Gateway 2 signed
by root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) to let the root CA of the Gateway 1 sign it to be
the BranchCRT certificate. Import the certificate into the Gateway 2 as a local certificate.
In addition, also imports the certificates of the root CA of the Gateway 1 into the
Gateway 2 as the trusted ones. (Please also refer to "My Certificates" and "Trusted
Certificates" sections).
Establish an IPSec VPN tunnel with IKE and X.509 protocols by starting from either peer,
so that all client hosts in these both subnets can communicate with each other.
Parameter Setup Example (same as the one described in "My Certificates" section)
For Network‐A at HQ
Following tables list the parameter configuration as an example for the "Issue
Certificates" function used in the user authentication of IPSec VPN tunnel establishing,
as shown in above diagram. The configuration example must be combined with the
ones in "My Certificates" and "Trusted Certificates" sections to complete the setup for
whole user scenario.
Index skipping is used to reserve slots for new function insertion, when required.
294
Advertisement
Table of Contents
