343
Configuring a Virtual Private Network
3. If the signer of the remote X.509 certificate has not already been included in the CA list file that
has already been downloaded to the IOLAN, you need to add (append) the signer of the X.509
certificate to the CA list file and then download the file to the IOLAN by selecting
Tools,
Advanced, Keys and Certificates. In the Keys and Certificates window, select Download
SSL/TLS CA
and the file name and click OK. Note that this file must be a concatenation of all
certificate signers required for any SSL/TLS, LDAP, SSH, and/or IPsec connections.
4. Enable the IPsec service found in Security, Services.
Host-to-Host
The following example shows how to configure two IOLANs to work as VPN gateways for a host-to-
host IPsec tunnel.
NAT Traversal (NAT_T) is enabled in this example (on both sides) because the
VPN tunnel is going private network to public network to private network. In this example, both of
the IOLAN VPN gateways have a DHCP assigned IP address.
IOLAN VPN
Gateway
DHCP assigned IP
172.16.45.23
DHCP assigned IP
192.168.45.87
External IP Address
196.15.23.56
IOLAN VPN
Gateway
External IP Address
199.24.23.88
Left
Right
IPsec Tunnel--Encrypted Data
Unencrypted
Data
Internet
172.16.45.99
192.168.45.99
Router
Router
Unencrypted
Data
1. The following window configures the Left IOLAN VPN Gateway:
%defaultroute is entered for the Local IP Address because the IP address is DHCP assigned
and is therefore subject to change.