Moxa EDR-810-VPN-2GSFP [128/139] Ipsec status

Industrial Secure Router User's Manual Virtual Private Network (VPN)

9-8

IPSec Status

The user can check the VPN tunnel status in the IPSec Connection List.

This list shows the Name of the IPSec tunnel, IP address of Local and Remote Subnet/Gateway, and the

established status of the Key exchange phase and Data exchange phase.

X.509 Certificate

X.509 is a digital certificate method commonly used for IPSec Authentication. The Industrial Secure Router can

generate a trusted Root Certification and then export/import the certificate to the remote VPN gateway.

The diagram below indicates the 5 steps you should follow to use X.509 for IPSec authentication with two VPN

gateways, referred to as EDR-G903(A) and EDR-G903(B) in the diagram:

1. Root Certificate generation. Both EDR-G903(A) and EDR-G903(B) need to generate their own root

certificates.

2. EDR-G903(A) and EDR-G903(B) can request new certifications based on their own Root Certificates.

3. Generate PKCS#12 local certificate with password (.p12) and Certificate file for remote VPN tunnel (.crt)

a. EDR-G903(A)Moxa-A.p12 and Moxa-A.crt

b. EDR-G903(B)Moxa-B.crt and Moxa-B.crt

4. Upload the PKCS#12 certificate to the Local Certification list

a. Moxa-A.p12 in EDR-G903(A)

b. Moxa-B.p12 in EDR-G903(B)

5. Send the Certificate file (.crt) to the remote VPN gateway and upload to the Remote certificate file

a. Upload Moxa-B.crt to EDR-G903(A)

b. Upload Moxa-A.crt to EDR-G903(B)