Digi IX10 User Manual page 315

Hide thumbs Also See for IX10:

Table of Contents

Virtual Private Networks (VPN)

16. (Optional) For Management Priority, set the management priority for this IPsec tunnel. A

tunnel that is up and has the highest priority will be used for central management and direct

device access.

17. (Optional) To configure the device to connect to its remote peer as an XAUTH client:

a. Click to expand XAUTH client.

b. Click Enable.

c. Type the Username and Password that the device will use to authenticate as an

XAUTH client with the peer.

18. (Optional) Click Enable MODECFG client to receive configuration information, such as the

private IP address, from the remote peer.

IX10 User Guide

i. For Local key, type the local pre-shared key. This must be the same as the

remote key on the remote host.

ii. For Remote key, type the remote pre-shared key. This must be the same as

the local key on the remote host.

RSA signature: Uses a private RSA key to authenticate with the remote peer.

i. For Private key, paste the device's private RSA key in PEM format.

ii. Type the Private key passphrase that is used to decrypt the private key.

Leave blank if the private key is not encrypted.

iii. For Peer public key, paste the peer's public RSA key in PEM format.

SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download

a private key, certificates, and an optional Certificate Revocation List (CRL) to the

IX10 device from a SCEP server.

You must create the SCEP client prior to configuring the IPsec tunnel. See

a Simple Certificate Enrollment Protocol client

i. For SCEP Client, select the SCEP client.

X.509 certificate: Uses private key and X.509 certificates to authenticate with the

remote peer.

i. For Private key, paste the device's private RSA key in PEM format.

ii. Type the Private key passphrase that is used to decrypt the private key.

Leave blank if the private key is not encrypted.

iii. For Certificate, paste the local X.509 certificate in PEM format.

iv. For Peer verification, select either:

Peer certificate: For Peer certificate, paste the peer's X.509 certificate in

Certificate Authority: For Certificate Authority chain, paste the

Certificate Authority (CA) certificates. These must include all peer

certificates in the chain up to the root CA certificate, in PEM format.

for instructions.