Host-to-host – Perle Systems IOLAN SCS User Manual

Page 331


Configuring a Virtual Private Network

3. If the signer of the remote X.509 certificate has not already been included in the CA list file that has already been downloaded to the IOLAN, you need to add (append) the signer of the X.509 certificate to the CA list file and then download the file to the IOLAN by selecting Tools, Advanced, Keys and Certificates. In the Keys and Certificates window, select Download SSL/TLS CA and the file name and click OK. Note that this file must be a concatenation of all certificate signers required for any SSL/TLS, LDAP, SSH, and/or IPsec connections.

4. Enable the IPsec service found in Security, Services.
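Step 3 requires a single CA list file that holds every signer. The following added example (not from the Perle manual) appends a signer to such a file only if it is not already present, and rewrites the list so a missing trailing newline cannot fuse two blocks. It assumes the CA list file is PEM text; the function names and the sample data are hypothetical.

```python
import base64
import hashlib
import re

# Assumption: the CA list file is PEM text, one BEGIN/END CERTIFICATE block per signer.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def pem_blocks(text):
    """Return the DER bytes of every certificate block found in PEM text."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(text)]


def to_pem(der):
    """Re-encode DER bytes as a normalised PEM block with 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def append_signer(ca_list_text, signer_pem):
    """Append signer_pem to the CA list unless it is already present.

    Returns (new_ca_list_text, added). Duplicates are detected by the SHA-256
    of the decoded certificate, so line wrapping and CRLF endings do not matter.
    """
    signers = pem_blocks(signer_pem)
    if len(signers) != 1:
        raise ValueError("expected exactly one certificate in the signer file")
    existing = pem_blocks(ca_list_text)
    seen = {hashlib.sha256(der).digest() for der in existing}
    added = hashlib.sha256(signers[0]).digest() not in seen
    if added:
        existing.append(signers[0])
    # Re-emit every block so each one starts and ends on its own line.
    return "".join(to_pem(der) for der in existing), added


# Constructed sample data: placeholder bytes, not real X.509 certificates.
CA_A = to_pem(b"constructed-ca-A" * 6)
CA_B = to_pem(b"constructed-ca-B" * 6)
```

Because the list is rewritten from the parsed blocks, any non-certificate text in the original file is dropped.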

Host-to-Host

The following example shows how to configure two IOLANs to work as VPN gateways for a host-to-host IPsec tunnel. NAT Traversal (NAT_T) is enabled in this example (on both sides) because the VPN tunnel is going private network to public network to private network. In this example, both of the IOLAN VPN gateways have a DHCP assigned IP address.

1. The following window configures the Left IOLAN VPN Gateway: %defaultroute is entered for the Local IP Address because the IP address is DHCP assigned and is therefore subject to change.

[Figure: host-to-host IPsec tunnel between two IOLAN VPN Gateways, labelled Left and Right, across the Internet. Labels in the figure: DHCP assigned IP 172.16.45.23; DHCP assigned IP 192.168.45.87; External IP Address 196.15.23.56; External IP Address 199.24.23.88; 172.16.45.99; 192.168.45.99; Router (two); IPsec Tunnel--Encrypted Data; Unencrypted Data (two).]
