Choose the Wizard "Connect two local area networks (VPN)" for connectivity between two local area networks over VPN. In the appropriate dialog, select VPN connection authentication with certificates (RSA signature).
Enter the identities contained in the certificate for the local and remote devices. Enter the full information from the respective certificates in the correct order: The ASN.1 distinguished names listed in the certificates from top to bottom under Windows are entered into LANconfig from left to right.
Important: Microsoft Windows displays some values in the certificates with outdated abbreviations, such as ‘S’ instead of ‘ST’ for 'stateOrProvinceName', or ‘G’ instead of ‘GN’ for ‘givenName’. In these cases make sure that you use the current abbreviations 'ST' and 'GN'.
Note: The CLI command show vpn cert displays the content of the certificate in a device, including the entered Relative Distinguished Names (RDN) under "Subject".
If available choose the optimized connection establishment with IKE and PFS group 14. Only choose group 5 for IKE and PFS if this is required by the remote device.
Enter the names of the VPN remote site, the IP address, the netmask for the remote network and, if applicable, the domain for the DNS forwarding. If required, activate "Extranet" function and the "NetBIOS routing".