If you want to use a certificate to authenticate the local connection endpoint, first create the certificate in the Digital Certificate Manager (DCM).
Click Next to go to the Local Connection Endpoint Identifier page.
Select Version 4 IP address as the identifier type. The associated IP address must be 10.6.1.1. Again, this information is defined in the certificate that you create in DCM.
Click Next to go to the Remote Key Server page.
Select Version 4 IP address in the Identifier type field.
Enter 10.196.8.6 in the Identifier field.
Click Next to go to the Data Services page.
Accept the default values, and then click Next to go to the Data Policy page.
Select Create a new policy and then select Highest security, lowest performance. Select Use the RC4 encryption algorithm.
Click Next to go to the Applicable Interfaces page.
Select TRLINE.
Click Next to go to the Summary page.
Review the objects that the wizard will create to ensure they are correct.
Click Finish to complete the configuration.
When the Activate Policy Filters dialog box appears, select No, packet rules will be activated at a later time and then click OK.
The next step is to specify that only System-A can initiate this connection. Do this by customizing the properties of the dynamic-key group, MyCo2TheirCo, that the wizard created:
- Click By Group in the left pane of the VPN interface. The new dynamic-key group, MyCo2TheirCo, is displayed in the right pane. Right-click it and select Properties.
- Go to the Policy page and select the Local system initiates connection option.
- Click OK to save your changes.