Site-to-Site VPNsNokia IP40 User Guide 147Figure 8 NAT ModeSolution A: IP40 Satellite X to VPN-1 (Site-to-Site VPN)Hosts on Network 1 establish the TCP/IP connection to the external IP address of the IP40Satellite X site-to-site VPN gateway. The IP40 Satellite X device is configured through the IP40GUI Security page to port forward the inbound traffic to the defined host.Solution B: Satellite X to Satellite X (Site-to-Site VPN)IP40 Satellite X supports the creation of site-to-site VPN connections between two or more IP40Satellite X devices. Hosts on either network can directly initiate traffic to hosts on the peernetwork. The IP40 Satellite X is configured through the IP40 GUI Security page to port forwardthe inbound traffic to the defined host.Installing VPN CertificatesThe VPN Certificates are used to authenticate a VPN connection established between CheckPoint SmartCenter NG AI using Check Point Large Scale Manager and the dynamicallyconfigured IP40 using DAIP.The certificate created on the Check Point NG AI can be uploaded on to the IP40 Satellite X.To upload VPN Certificates and to create a Dynamic VPN Site using Check PointLSM1. On the Navigation Bar, click Services > Connect.The Subscription Services Wizard appears.2. Enter the IP address of the Check Point NG AI Management stationThe Connecting screen appears.3. Enter the Gateway Id and Registration Key which is used while creating the IP40 DynamicObject on the LSM4. The Connecting Screen appears.After Connecting the list of Services downloaded is displayed.5. Click Finish.6. Click the VPN button on the main menu and select the VPN Certificate tab7. Click on the VPN Sites tab to see the Dynamic VPN tunnel created between your IP40 andCheck Point NG AI management stationNon RoutableIP Network-1Non RoutableIP Network-2Initiate VPN TunnelsFW-1/ VPN-1 IP40 SatelliteInternet00407