Vigor routers support RSA(X.509) to authenticate IPsec, which enhances security of the VPN tunnels. In this article, we will take XCA as certificate provider to generate certificates for VPN routers to build an IPsec tunnel with RSA.
1. Go to System Maintenance >> Time and Date and make sure time setting is correct
2. Go to Certificate Management >> Local Certificate and click Generate
3. Enter the certificate details, and click Generate
4. Click View, and copy the PEM Format Content
5. Run XCA, click New Certificate, and select [default]CA template in certificate tab
6. In the subject tab, enter RootCA details and generate a new key, then click Create to build a RootCA to sign certificates for the VPN routers
7. Export the RootCA in PEM(*.crt) format, and import it in the router on Certificate Management >> Trusted CA Certificate
8. Back to XCA, right click in Certificate signing requests and Paste PEM data, then Import All
9. Right click the certificate and sign it by the RootCA we just built
10. Export the certificate in PEM(*.crt) format in Certificate tab, and import it in the router on Certificate Management >> Local Certificate
11. Go to VPN and Remote Access >> IPsec General Setup, and select the local certificate we just built in IKE Authentication Method >> Certificate
12. Go to VPN and Remote Access >> IPsec Peer Identity and click an Index
13. Go to VPN and Remote Access >> LAN to LAN, and click an Index
14. Repeat step 1~4 and 7~10 to build a certificate for the other VPN router
15. Go to VPN and Remote Access >> IPsec Peer Identity and click an Index
16. Go to VPN and Remote Access >> LAN to LAN, and click an Index
17. Go to VPN and Remote Access >> Connection Management, select the VPN profile to Dial
We will see VPN Connection Status down below when VPN is up.
Was this helpful?
Thank you for your feedback :)
Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.