Amer Networks E5Web GUI User Manual

Page 603

Identification List: Select the ID List that is to be associated with the VPN Tunnel. In this
case, it will be sales.

5. Under the Routing tab:

Enable the option: Dynamically add route to the remote network when a tunnel is
established.

6. Click OK

E. Finally configure the IP rule set to allow traffic inside the tunnel.

Tunnels Based on CA Server Certificates

Setting up client tunnels using a CA-issued certificate is largely the same as using self-signed
certificates, with the exception of a couple of steps.

It is the responsibility of the administrator to acquire the appropriate certificate from an issuing
authority for client tunnels. With some systems, such as Windows 2000 Server, there is built-in
access to a CA server (in Windows 2000 Server this is found in Certificate Services). For more
information on CA server issued certificates see Section 3.8, “Certificates”.

Example 9.6. Setting up CA Server Certificate based VPN tunnels for roaming clients

This example describes how to configure an IPsec tunnel at the head office Clavister Security
Gateway for roaming clients that connect to the office to gain remote access. The head office
network uses the 10.0.1.0/24 network span with external gateway IP wan_ip.

InControl

With InControl, this is done in a different way to the Web Interface.

Web Interface

A. Upload all the client certificates:

1. Go to: Objects > Key Ring > Add > Certificate

2. Enter a suitable name for the Certificate object

3. Select the X.509 Certificate option

4. Click OK

B. Create Identification Lists:

1. Go to: Objects > VPN Objects > ID List > Add > ID List

2. Enter a descriptive name, for example sales

3. Click OK

4. Go to: Objects > VPN Objects > ID List > Sales > Add > ID

Chapter 9: VPN
