This configuration example uses public key authentication to connect two Smoothwalls, each with its own Certificate Authority, so that each can manage its own site-to-site and road warrior connections.
The following assumptions have been made:
- Two Smoothwalls.
- Each Smoothwall has its own Certificate Authority.
- Each Certificate Authority has created a signed certificate for its own local Smoothwall.
Once the procedure below is complete, the tunnel can be established and authenticated between the two Smoothwalls. In addition, each Smoothwall can manage its own site-to-site and road warrior connections autonomously by using its own Certificate Authority to create additional certificates.
Procedure
- On both systems, on the Network menu, under the VPN submenu, click Certificates.
- Export the local certificate from each Smoothwall in PEM format.
- Import each PEM certificate on the opposite Smoothwall.
- Create an IPsec site-to-site tunnel specification on the first Smoothwall and select the second Smoothwall’s host certificate in the Authenticate by list.
- Create an IPsec site-to-site tunnel specification on the second Smoothwall and select the first Smoothwall’s host certificate in the Authenticate by list.
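Because each Smoothwall has its own Certificate Authority, the imported host certificate is trusted directly, so it is worth checking each exported PEM file before importing it on the opposite system. The following is an added example, not part of the Smoothwall documentation. It assumes the export holds a single host certificate and that the peer administrator has supplied the expected SHA-256 fingerprint over a separate channel; the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block found in text."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def fingerprint(der):
    """SHA-256 over the DER bytes, as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_export(text, expected_fp):
    """Return a list of problems; an empty list means the file matches."""
    blocks = pem_blocks(text)
    problems = []
    # An export meant for the peer must never carry the private key.
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key; export the certificate only")
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:  # assumption: one host certificate per export
        problems.append(f"expected exactly 1 certificate, found {len(certs)}")
    elif fingerprint(certs[0]) != expected_fp.upper():
        problems.append("fingerprint does not match the out-of-band value")
    return problems

def _wrap(label, payload):
    """Build a PEM block around payload (used only for the constructed samples)."""
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample data: stand-in bytes, not real certificates or keys.
SAMPLE_CERT = _wrap("CERTIFICATE", b"constructed stand-in for DER certificate bytes")
SAMPLE_WITH_KEY = SAMPLE_CERT + _wrap("PRIVATE KEY", b"constructed stand-in key")

if __name__ == "__main__":
    expected = fingerprint(pem_blocks(SAMPLE_CERT)[0][1])
    print("fingerprint:", expected)
    print("clean export:", check_export(SAMPLE_CERT, expected))
    print("export with key:", check_export(SAMPLE_WITH_KEY, expected))
```

The fingerprint is computed the same way as the SHA-256 certificate fingerprint most tools display, so the value can be compared with what the peer administrator reads from their own copy.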