
NEXCOM IFA 1610 User Manual


Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 7: The VPN Menu


How to create a Net-To-Net VPN with IPsec using certificate authentication.

Scenario:

▪ Firewall CoreFW - RED IP: 100.100.100.100, GREEN IP: 10.10.10.1/24

▪ Firewall LocalFW - RED IP: 200.200.200.200, GREEN IP: 192.168.0.1/24

Problem: Connect LocalFW to CoreFW using IPsec.

Solution:

▪ The following steps have to be performed on CoreFW:

1. Go to Menubar > VPN > IPsec, enable IPsec, and specify 100.100.100.100 as Local VPN hostname/IP.

2. After saving, click on the Generate host/root certificate button, unless they have already been generated, and fill in the form.

3. Download the host certificate and save it as fw_a_cert.pem.
4. In the Connection status and control box click on the Add button, then select Net-to-Net. In the page that opens, two boxes will appear.

5. In Connection configuration enter 200.200.200.200 in the Remote host/IP field, 10.10.10.0/24 as Local subnet and 192.168.0.0/24 as Remote subnet.

6. In the Authentication box select Generate a certificate and fill in the form. Make sure to set a password.
7. After saving, download the PKCS12 file and save it as fw_a.p12.

▪ The following steps have to be performed on LocalFW:

1. Go to Menubar > VPN > IPsec, enable IPsec, and specify 200.200.200.200 as Local VPN hostname/IP.

2. After saving, click on the Generate host/root certificate button. If they had already been generated, reset the previous certificates.

3. In Generate host/root certificate, do not fill in any field in the first section! Instead, upload the fw_a.p12 file saved from CoreFW, enter the password, and click on Upload PKCS12 file.

4. Click on Add in the Connection status and control box, then select Net-to-Net. In the page that opens, two boxes will appear.

5. In Connection configuration enter 100.100.100.100 in the Remote host/IP field, 192.168.0.0/24 as Local subnet and 10.10.10.0/24 as Remote subnet.

6. In the Authentication box select Upload a certificate and upload the fw_a_cert.pem that was created on MainFW.
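
The two Connection configuration forms above must mirror each other: each side's Remote host/IP is the peer's Local VPN IP, and each side's Remote subnet is the peer's Local subnet. As an added example (not part of the NEXCOM manual), this Python check runs over the scenario's addresses and reports any field that does not line up; the dictionary keys and function names are assumptions of the example.

```python
import ipaddress

# Addresses from the scenario above; dict keys and function names are assumptions.
CORE_FW = {
    "name": "CoreFW", "local_vpn_ip": "100.100.100.100", "green_ip": "10.10.10.1/24",
    "remote_host": "200.200.200.200",
    "local_subnet": "10.10.10.0/24", "remote_subnet": "192.168.0.0/24",
}
LOCAL_FW = {
    "name": "LocalFW", "local_vpn_ip": "200.200.200.200", "green_ip": "192.168.0.1/24",
    "remote_host": "100.100.100.100",
    "local_subnet": "192.168.0.0/24", "remote_subnet": "10.10.10.0/24",
}


def check_side(side, peer):
    """List the ways one firewall's Net-to-Net settings disagree with its peer's."""
    name = side["name"]
    try:
        # ip_network() is strict: "10.10.10.1/24" (host bits set) is rejected.
        local = ipaddress.ip_network(side["local_subnet"])
        remote = ipaddress.ip_network(side["remote_subnet"])
        peer_local = ipaddress.ip_network(peer["local_subnet"])
        green = ipaddress.ip_interface(side["green_ip"])
        remote_host = ipaddress.ip_address(side["remote_host"])
        peer_ip = ipaddress.ip_address(peer["local_vpn_ip"])
    except ValueError as exc:
        return [f"{name}: invalid address or subnet ({exc})"]
    problems = []
    if remote_host != peer_ip:
        problems.append(f"{name}: Remote host/IP {remote_host} is not the peer's {peer_ip}")
    if remote != peer_local:
        problems.append(f"{name}: Remote subnet {remote} is not the peer's {peer_local}")
    if green.ip not in local:
        problems.append(f"{name}: GREEN IP {green.ip} is outside Local subnet {local}")
    if local.overlaps(remote):
        problems.append(f"{name}: Local and Remote subnets overlap")
    return problems


def check_tunnel(a, b):
    """Check both directions; an empty list means the two sides mirror each other."""
    return check_side(a, b) + check_side(b, a)


if __name__ == "__main__":
    for line in check_tunnel(CORE_FW, LOCAL_FW) or ["settings mirror each other"]:
        print(line)
```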
