IS200EACFG2A Automation Module Spare Part
In addition, it also imports the certificates of the root CA of Gateway 1 into Gateway 2 as trusted ones. (Refer to the following two sub-sections.) An IPsec VPN tunnel is established with the IKE and X.509 protocols, starting from either peer, so that all client hosts in both subnets can communicate with each other.

EW200 Industrial Cellular Gateway 158

Parameter Setup Example

For Network-A at HQ

The following tables list the parameter configuration as an example for the "My Certificate" function used in the user authentication of IPsec VPN tunnel establishment, as shown in the above diagram. The configuration example must be combined with the ones in the following two sections to complete the whole user scenario. Use the default value for parameters that are not mentioned in the tables.

Configuration Path: [My Certificate]-[Root CA Certificate Configuration]
  Name: HQRootCA
  Key: Key Type: RSA; Key Length: 1024-bits
  Subject Name: Country(C): TW; State(ST): Taiwan; Location(L): Taipei; Organization(O): EWANHQ; Organization Unit(OU): HQRD; Common Name(CN): HQRootCA; E-mail: hqrootca@etherwan.com.tw

Configuration Path: [My Certificate]-[Local Certificate Configuration]
  Name: HQCRT
  Self-signed:
  Key: Key Type: RSA; Key Length: 1024-bits
  Subject Name: Country(C): TW; State(ST): Taiwan; Location(L): Taipei; Organization(O): EWANHQ; Organization Unit(OU): HQRD; Common Name(CN): HQCRT; E-mail: hqcrt@etherwan.com.tw

Configuration Path: [IPsec]-[Configuration]
  IPsec: Enable

Configuration Path: [IPsec]-[Tunnel Configuration]
  Tunnel: Enable
  Tunnel Name: s2s-101
  Interface: WAN 1
  Tunnel Scenario: Site to Site
  Operation Mode: Always on

Configuration Path: [IPsec]-[Local & Remote Configuration]
  Local Subnet: 10.0.76.0
  Local Netmask: 255.255.255.0
  Full Tunnel: Disable
  Remote Subnet: 10.0.75.0
  Remote Netmask: 255.255.255.0
  Remote Gateway: 118.18.81.33

Configuration Path: [IPsec]-[Authentication]
  Key Management: IKE+X.509
  Local Certificate: HQCRT
  Remote Certificate: BranchCRT
  Local ID: User Name, Network-A
  Remote ID: User Name, Network-B

Configuration Path: [IPsec]-[IKE Phase]
  Negotiation Mode: Main Mode
  X-Auth: None

For Network-B at Branch Office

The following tables list the parameter configuration as an example for the "My Certificate" function used in the user authentication of IPsec VPN tunnel establishment, as shown in the above diagram. The configuration example must be combined with the ones in the following two sections to complete the whole user scenario. Use the default value for parameters that are not mentioned in the tables.

Configuration Path: [My Certificate]-[Local Certificate Configuration]
  Name: BranchCRT
  Self-signed: □
  Key: Key Type: RSA; Key Length: 1024-bits
  Subject Name: Country(C): TW; State(ST): Taiwan; Location(L): Taipei; Organization(O): EWANBranch; Organization Unit(OU): BranchRD; Common Name(CN): BranchCRT; E-mail: branchcrt@etherwan.com.tw

Configuration Path: [IPsec]-[Configuration]
  IPsec: Enable

Configuration Path: [IPsec]-[Tunnel Configuration]
  Tunnel: Enable
  Tunnel Name: s2s-102
  Interface: WAN 1
  Tunnel Scenario: Site to Site
  Operation Mode: Always on

Configuration Path: [IPsec]-[Local & Remote Configuration]
  Local Subnet: 10.0.75.0
  Local Netmask: 255.255.255.0
  Full Tunnel: Disable
  Remote Subnet: 10.0.76.0
  Remote Netmask: 255.255.255.0
  Remote Gateway: 203.95.80.22

Configuration Path: [IPsec]-[Authentication]
  Key Management: IKE+X.509
  Local Certificate: BranchCRT
  Remote Certificate: HQCRT
  Local ID: User Name, Network-B
  Remote ID: User Name, Network-A

Configuration Path: [IPsec]-[IKE Phase]
  Negotiation Mode: Main Mode
  X-Auth
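
The two parameter sets above only bring the tunnel up if each side mirrors the other, so the following added example (not part of the original page or the device's documentation) checks that symmetry on the values from the tables and also flags certificate keys below a policy floor. The dictionary layout, the key names, and the 2048-bit floor are assumptions made for this example.

```python
import ipaddress

# Values transcribed from the two tables above. The dict layout and key names
# are assumptions for this example, not an export format of the gateway.
HQ = {
    "local_subnet": "10.0.76.0", "local_netmask": "255.255.255.0",
    "remote_subnet": "10.0.75.0", "remote_netmask": "255.255.255.0",
    "local_cert": "HQCRT", "remote_cert": "BranchCRT",
    "local_id": "Network-A", "remote_id": "Network-B",
    "key_management": "IKE+X.509", "negotiation_mode": "Main Mode",
    "rsa_bits": 1024,
}
BRANCH = {
    "local_subnet": "10.0.75.0", "local_netmask": "255.255.255.0",
    "remote_subnet": "10.0.76.0", "remote_netmask": "255.255.255.0",
    "local_cert": "BranchCRT", "remote_cert": "HQCRT",
    "local_id": "Network-B", "remote_id": "Network-A",
    "key_management": "IKE+X.509", "negotiation_mode": "Main Mode",
    "rsa_bits": 1024,
}
# Assumed policy floor: NIST SP 800-131A disallows shorter RSA keys for new signatures.
MIN_RSA_BITS = 2048


def net(cfg, side):
    """Build the 'local' or 'remote' traffic selector; raises ValueError on a bad mask."""
    return ipaddress.ip_network(f"{cfg[side + '_subnet']}/{cfg[side + '_netmask']}")


def audit_pair(a, b):
    """Return findings for two site-to-site peers; an empty list means consistent."""
    findings = []
    for x, y, xn, yn in ((a, b, "A", "B"), (b, a, "B", "A")):
        try:
            # One peer's local subnet must be exactly the other's remote subnet.
            if net(x, "local") != net(y, "remote"):
                findings.append(f"subnet: {xn} local != {yn} remote")
        except ValueError as exc:
            findings.append(f"subnet: invalid address or mask ({exc})")
        for field in ("cert", "id"):
            if x["local_" + field] != y["remote_" + field]:
                findings.append(f"{field}: {xn} local != {yn} remote")
    for field in ("key_management", "negotiation_mode"):
        if a[field] != b[field]:
            findings.append(f"{field}: peers differ")
    for name, cfg in (("A", a), ("B", b)):
        if cfg["rsa_bits"] < MIN_RSA_BITS:
            findings.append(f"key: {name} RSA {cfg['rsa_bits']} < {MIN_RSA_BITS}")
    return findings
```

Run against the values as printed, `audit_pair(HQ, BRANCH)` reports no mirroring errors and two key-length findings, one per peer.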