Kerio Control can use several IKE ciphers during the connecting and authorizing process of the IPsec tunnel. For details, see Configuring IKE ciphers. (Optionally) In Phase 1 and Phase 2 cipher, click Change and configure ciphers manually. This may be required if you want to connect Kerio Control with the third party firewall. Export the certificate from Kerio Control and import it to the remote endpoint. Copy the remote SSL certificate ID to the Remote ID field and vice versa: import the Kerio Control authority to the remote endpoint and copy the Local ID somewhere in the remote endpoint. Not in the local store - only the authority was imported to Kerio Control. When the SSL certificate/Authority is imported, follow these instructions: You also need to know the Local ID (Distinguished name) of the remote certificate. The authority that signed the remote certificate is imported in Kerio Control ( Definitions > SSL Certificates). The SSL certificate of the remote endpoint is imported in Kerio Control ( Definitions > SSL Certificates). On tabs Remote Networks and Local Networks, you must define all remote networks, including subnet for VPN clients and all local networks which are not detected by Kerio Control.Īuthentication with an SSL certificate requires a valid SSL certificate on both endpoints.
This may be required if you want to connect Kerio Control with the third party firewall. (Optionally) In Phase 1 and Phase 2 cipher, click Change and configure the ciphers manually. If you change the Kerio Control hostname, the Local ID is changed too.
Predefined Local ID is the hostname of Kerio Control. Select the Preshared key and type the key.Ĭopy the value of the Local ID field from Kerio Control to the Remote ID of the remote endpoint and vice versa. The active endpoint establishes and maintains a connection to the passive endpoint. At least one endpoint must be set as active. Set the tunnel as active and type the hostname of the remote endpoint. In the administration interface, go to Interfaces. Both endpoints use the same password for authentication:
You can select one of the following methods: Pre Shared Key Authentication
0 kommentar(er)
