Configuring the Local Security Gateway

This section outlines steps which should be performed on the local Security Gateway.

1. Enter the IPsec Module

Log onto the WebTool, click the "Security" icon, then the "IPsec Management" link.

2. Define Interfaces and Set Defaults

From the module index click the "General Configuration" link. Check the boxes next to the interfaces you want to use for IPsec and (optionally) set defaults. Click "Save Configuration"

3. Set up Certification Authority

From the module index click the "Local CA, Certificates, and Keys" link then the "Edit" link under "Local Certification Authority." Fill in the required fields, check the "I am aware..." box, and click "Create CA."

4. Create Local Host Certificate

From the "Local Certificates and Keys" section click the "New Host Certificate" link. Fill in the required fields setting "Authority Name" to the FQDN of this local machine. Check the "I am aware..." box and click "Create Certificate".

5. Create Another Host Certificate

Now you must create a certificate for the Remote Security Gateway.

From the " Local Certificates and Keys" section click the "New Host Certificate" link. Fill in the required fields setting "Authority Name" to the FQDN of the REMOTE machine. Check the "I am aware..." box and click "Create Certificate".

6. Create Local Profile

From the module index click "Security Gateways" then "[ New Local Security Gateway ]". Fill in the required fields.

Because this Quickstart is using RSA Authentication as an example you must set "Identification" to "Certificate". You must also select the Host Certificate you created for this LOCAL machine from the "Certificate" drop-down.

When you have filled in all the required items click "Create Security Gateway."

7. Create Remote Profile

From the module index click "Security Gateways" then "New Remote Security Gateway". Fill in the required fields.

For "Connection Type" select "Standard" and enter the addressing information in the boxes labeled "IP Address", "Gateway", and "Remote Secure LAN."

Because this Quickstart is using RSA Authentication as an example you must set "Authentication Type" to "RSA Signature" and "Identification" to "Certificate". You must also select the Host Certificate you created for the REMOTE machine from the "Certificate" drop-down.

When you have filled in all the required items click "Create Security Gateway."

8. Download Remote Configuration

From the module index click "Download Remote Configuration". Select a "Local Security Gateway" from the drop-down. Once you have selected a Local Security Gateway may choose a corresponding "Remote Security Gateway".

When you have selected your Security Gateways, click "Continue."

The next page will ask you to verify your selections. It will show the network topology along with what cipher, etc. are selected.

To proceed with the process and download a remote configuration, click "Continue." Click "Download Remote Configuration" and save the file to your local hard disk.

9. Restart IPsec

From the module index click the "[ Restart IPsec ]" link toward the bottom of the page.