Amer Networks E5Web GUI User Manual

B. Upload all the client self-signed certificates:

1.

Go to: Objects > Key Ring > Add > Certificate

2.

Enter a suitable name for the Certificate object

3.

Select the X.509 Certificate option

4.

Click OK

C. Create Identification Lists:

1.

Go to: Objects > VPN Objects > ID List > Add > ID List

2.

Enter a suitable name, for example sales

3.

Click OK

4.

Go to: Objects > VPN Objects > ID List > Sales > Add > ID

5.

Enter the name for the client

6.

Select Email as Type

7.

In the Email address field, enter the email address selected when the certificate was
created on the client

8.

Create a new ID for every client that is to be granted access rights, according to the
instructions above

D. Configure the IPsec tunnel:

1.

Go to: Network > Interfaces and VPN > IPsec > Add > IPsec Tunnel

2.

Now enter:

•

Name: RoamingIPsecTunnel

•

Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect
to)

•

Remote Network: all-nets

•

Remote Endpoint: (None)

•

Encapsulation Mode: Tunnel

3.

For Algorithms enter:

•

IKE Algorithms: Medium or High

•

IPsec Algorithms: Medium or High

4.

For Authentication enter:

•

Choose X.509 Certificate as authentication method

•

Root Certificate(s): Select all client certificates and add them to the Selected list

•

Gateway Certificate: Choose the newly created gateway certificate

Chapter 9: VPN

602