ZyXEL 35 User Guide
ZyWALL 35 Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
Online Enroll Certificates
This example shows how to use the PKI feature with the VPN function of a ZyXEL appliance. With PKI,
the two parties can identify each other during VPN/IPSec negotiation. With online enrollment, the ZyWALL
first creates a certification request locally, then sends the request to a trusted CA (Certificate Authority)
server, and finally receives a certificate for later use. The ZyWALL supports both SCEP and CMP as
online enrollment protocols. Both provide mechanisms to transmit the ZyWALL's certification request
securely over the Internet. In this example, we use the SCEP protocol to enroll certificates.
Step 1. Download CA server's Certificate
Step 2. Create certificate request and enroll certificate request on ZyWALL A
Step 3. Create certificate request and enroll certificate request on ZyWALL B
Step 4. Using Certificate in VPN on ZyWALL A
Step 5. Using Certificate in VPN on ZyWALL B
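The enrollment flow described above (request created locally, signed by the CA, certificate returned and checked), reproduced offline with the openssl command line. This is an added example, not ZyXEL's procedure or code: it replaces the SCEP transport with local files, and the CA name, device name and file names are constructed.

```shell
#!/bin/sh
# Offline walk-through of certificate enrollment with openssl.
# All names (Example Lab CA, zywall-a.example.test) are constructed.

# The CA: a throwaway self-signed root standing in for the trusted CA server.
make_ca() {   # $1 = directory, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# The device: key pair and PKCS#10 request are created locally. Only the
# request (subject + public key, signed with the private key) is sent out.
make_request() {   # $1 = directory, $2 = device common name
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null
}

# The CA: check the request's self-signature (proof that the requester
# holds the private key), then issue the certificate.
issue_cert() {   # $1 = CA directory, $2 = device directory
    openssl req -in "$2/dev.csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl x509 -req -in "$2/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 30 -out "$2/dev.crt" 2>/dev/null
}

# The device: accept the result only if it chains to the CA certificate it
# already trusts and carries the public key of its own private key.
check_cert() {   # $1 = directory holding the trusted ca.crt, $2 = device directory
    openssl verify -CAfile "$1/ca.crt" "$2/dev.crt" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$2/dev.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$2/dev.key" -pubout 2>/dev/null)" ]
}

# SHA-256 fingerprint of the CA certificate, for comparison with a value
# obtained from the CA operator through a separate channel.
ca_fingerprint() { openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256; }

work=$(mktemp -d)
make_ca "$work" "Example Lab CA" && make_request "$work" "zywall-a.example.test" \
    && issue_cert "$work" "$work" && check_cert "$work" "$work" \
    && echo "enrolled; CA $(ca_fingerprint "$work")"
rm -rf "$work"
```

Both VPN peers trust whatever CA certificate they import, so the fingerprint comparison is the check that ties the imported CA certificate to the intended CA.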
[Figure: network topology]
LAN 1 (10.1.133.0/24) -- ZyWALL A (LAN: 10.1.133.1, WAN: 192.168.1.35) -- ZyWALL B (WAN: 192.168.1.36, LAN: 192.168.2.1) -- LAN 2 (192.168.2.0/24)
Step 1. Download CA server's Certificate