NetComm NTC-400 Series User Manual page 187


Router 2 creates a CSR (BranchCSR) and has the root CA of Router 1 sign it to produce the BranchCRT certificate. Import the
certificate into Router 2 as a local certificate. Also import the certificates of the root CA of Router 1 into Router 2
as trusted ones. (Please also refer to the "My Certificate" and "Trusted Certificate" sections.)
Establish an IPSec VPN tunnel with IKE and X.509 protocols, starting from either peer, so that all client hosts in both
subnets can communicate with each other.
Parameter Setup Example
(same as the one described in "My Certificate" section)
For Network-A at HQ
The following tables list an example parameter configuration for the "Issue Certificate" function used for user
authentication when establishing the IPSec VPN tunnel, as shown in the diagram above. This configuration example must be
combined with the ones in the "My Certificate" and "Trusted Certificate" sections to complete the setup for the whole user
scenario.

Configuration Path: [Issue Certificate]-[Certificate Signing Request Import from a File]
Browse: C:/BranchCSR
Command Button: Sign

Configuration Path: [Issue Certificate]-[Signed Certificate View]
Command Button: Download (default name is "issued.crt")

Scenario Operation Procedure
(same as the one described in "My Certificate" section)
In the diagram above, "Router 1" is the gateway of Network-A in headquarters, and the subnet of its Intranet is
10.0.76.0/24. It has the IP address 10.0.76.2 for the LAN interface and 203.95.80.22 for the WAN-1 interface. "Router 2" is
the gateway of Network-B in the branch office, and the subnet of its Intranet is 10.0.75.0/24. It has the IP address 10.0.75.2 for
the LAN interface and 118.18.81.33 for the WAN-1 interface. Both serve as NAT security gateways.
Router 1 generates the root CA and a local certificate (HQCRT) that is signed by itself. Import the certificates of the root CA
and HQCRT into the "Trusted CA Certificate List" and "Trusted Client Certificate List" of Router 2.
Router 2 generates a Certificate Signing Request (BranchCSR) for its own certificate, BranchCRT, to be signed by the root CA
(generate a certificate that is not self-signed on Router 2, and click the "View" button for that CSR). Have the CSR
signed by the root CA of Router 1 to obtain the BranchCRT certificate (you need to rename it). Import the certificate into
the "Trusted Client Certificate List" of Router 1 and the "Local Certificate List" of Router 2.
Router 2 can then establish an IPSec VPN tunnel to Router 1 using the "Site to Site" scenario with IKE and X.509 protocols.
The client hosts in the two subnets, 10.0.75.0/24 and 10.0.76.0/24, can communicate with each other.
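
The signing step can be checked offline before the signed certificate is imported. The following is an added example, not part of the NetComm manual: it uses the OpenSSL command line (an assumption; the manual only describes the router's web interface) to confirm that a downloaded issued.crt chains to the root CA and carries the public key from BranchCSR. The function names, the root CA, the keys and rogue.crt are hypothetical, constructed test material.

```bash
#!/usr/bin/env bash
# Added example. File names follow the manual (BranchCSR, issued.crt); the CA,
# keys and the "rogue" certificate are throwaway test material constructed here.

# check_issued CA_CERT CSR CERT: succeed only if CERT chains to CA_CERT and
# carries the same public key as the CSR that was submitted for signing.
check_issued() {
  local ca=$1 csr=$2 crt=$3 k_csr k_crt
  # 1. Signature chain: CERT must verify against the root CA certificate.
  if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
    echo "FAIL: $crt is not signed by $ca" >&2; return 1
  fi
  # 2. Key binding: CERT must contain the public key from the CSR, otherwise
  #    the private key held on Router 2 will not match the imported certificate.
  k_csr=$(openssl req  -in "$csr" -noout -pubkey | openssl sha256)
  k_crt=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  if [ "$k_csr" != "$k_crt" ]; then
    echo "FAIL: public key in $crt differs from $csr" >&2; return 1
  fi
  echo "OK: $crt was issued by $ca for $csr"
}

# make_demo DIR: build constructed stand-ins for the files the routers produce.
make_demo() {
  local d=$1
  # Router 1 role: self-signed root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$d/rootCA.key" -out "$d/rootCA.crt" 2>/dev/null
  # Router 2 role: key pair and CSR.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=BranchCRT" \
    -keyout "$d/Branch.key" -out "$d/BranchCSR" 2>/dev/null
  # Router 1 "Sign" step: issue the certificate from the CSR.
  openssl x509 -req -in "$d/BranchCSR" -CA "$d/rootCA.crt" -CAkey "$d/rootCA.key" \
    -CAcreateserial -days 30 -out "$d/issued.crt" 2>/dev/null
  # Negative case: same subject name, but self-signed with an unrelated key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=BranchCRT" \
    -keyout "$d/rogue.key" -out "$d/rogue.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
check_issued "$demo_dir/rootCA.crt" "$demo_dir/BranchCSR" "$demo_dir/issued.crt"
check_issued "$demo_dir/rootCA.crt" "$demo_dir/BranchCSR" "$demo_dir/rogue.crt" \
  || echo "rogue.crt rejected, as expected"
```

With real files, call check_issued with the exported root CA certificate, the CSR saved from Router 2 and the downloaded issued.crt; a failure at either step means the certificate should not be imported.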
© NetComm Wireless 2019