ZyXEL 35 User Guide

ZyWALL 35 Support Notes 
 
 
All contents copyright (c) 2006 ZyXEL Communications Corporation.   
 
Online Enroll Certificates 
 
This example shows how to use the PKI feature in the VPN function of a ZyXEL appliance. With PKI,
users can identify the other party during VPN/IPSec negotiation. With online enrollment, the ZyWALL
first creates a certification request locally, then sends the request to a trusted CA (Certificate Authority)
server, and finally receives a certificate for later use. The ZyWALL supports both SCEP and CMP as
online enrollment protocols. Both provide secure mechanisms for transmitting the ZyWALL's
certification request over the Internet. In this example, we use the SCEP protocol to
enroll certificates.
Step 1. Download CA server's Certificate 
Step 2. Create certificate request and enroll certificate request on ZyWALL A 
Step 3. Create certificate request and enroll certificate request on ZyWALL B 
Step 4. Using Certificate in VPN on ZyWALL A 
Step 5. Using Certificate in VPN on ZyWALL B
 
 
[Figure: network topology]
LAN 1 (10.1.133.0/24) -- ZyWALL A (LAN: 10.1.133.1, WAN: 192.168.1.35) -- ZyWALL B (WAN: 192.168.1.36, LAN: 192.168.2.1) -- LAN 2 (192.168.2.0/24)
 
Step 1. Download CA server's Certificate