I-WLAN

Authentication of the security gateway with certificates is done without referencing a CRL on a CA server. The gateway sends the appropriate Host Certificate to the client, which then validates it against its own preinstalled, CA-signed root certificate. This may require the use of Intermediate Certificates that are also sent to the client by the security gateway. The sequence of steps in this process is described later.

I-WLAN components

The SEG components for I-WLAN are:

• An IPsec Tunnel for remote, roaming client access to the security gateway. This is tightly coupled to a GTP tunnel using SEG Interface Stitching.

• A GTP Tunnel for access to the GPRS backbone network from the security gateway. This is tightly coupled to an IPsec tunnel using SEG Interface Stitching.

• The SEG should have a license installed that has GTP enabled. The current license capabilities can be examined with the license CLI command. If GTP is not enabled, the GTP tunnels, the interface stitching, and the stitched IPsec tunnels will not function.

• At least one DNS server IP address must be configured in the SEG for DNS lookup. This may be located in the GPRS backbone network.

GTP tunnels

The principal properties for defining a GTP tunnel are listed below. Not all the available properties are included. The ones that are omitted are rarely changed from their defaults but can be if required.

General settings

• LocalEndpoint
  The logical IP address of the GTP interface. This is the address that will be used as the source address for GTP-C and GTP-U. The IP address must be unique amongst GTP interfaces if there is more than one.

• EndUserDNS
  If a DNS is configured for the GTP interface, this IP address will be passed back to the client. If no DNS is configured for the GTP interface, the configured DNS client for the security gateway will be used instead.

• RoundRobinDNS
  Round-robin between hosts when the DNS name contains multiple hosts. The default value is No. This option can be used for load balancing between multiple GGSNs.

• MaxRequests
  This parameter is a counter that specifies a maximum value for the number of retransmissions for requests towards GTP peers. A path to a GTP peer will be considered down if the number of retries is greater than the maximum specified. The default value is 5.
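The following model is an added example, not SEG code, showing how RoundRobinDNS and MaxRequests interact when one of several GGSNs behind a DNS name stops answering. The class and function names are hypothetical, the addresses are constructed samples, and counting the first transmission separately from the retransmissions is an assumption about how the counter is applied.

```python
from itertools import cycle

MAX_REQUESTS_DEFAULT = 5  # default value stated for MaxRequests


class GtpPath:
    """Model of the path to one GTP peer (hypothetical, not the SEG's own code)."""

    def __init__(self, peer, max_requests=MAX_REQUESTS_DEFAULT):
        self.peer, self.max_requests = peer, max_requests
        self.up, self.sent = True, 0

    def request(self, transport):
        """Send one request, retransmitting until answered or the path is down."""
        retries = 0
        while True:
            self.sent += 1
            if transport(self.peer):
                return True
            retries += 1
            # Down only when retries are *greater than* the maximum.
            if retries > self.max_requests:
                self.up = False
                return False


class GgsnSelector:
    """Round-robin over the hosts one DNS name resolved to (RoundRobinDNS = Yes)."""

    def __init__(self, resolved_hosts, max_requests=MAX_REQUESTS_DEFAULT):
        self.paths = [GtpPath(h, max_requests) for h in resolved_hosts]
        self._ring = cycle(self.paths)

    def create_session(self, transport):
        """Return the GGSN that answered, or None when every path is down."""
        for _ in range(len(self.paths)):
            path = next(self._ring)
            if path.up and path.request(transport):
                return path.peer
        return None


def demo():
    # Constructed sample: three GGSN addresses; 192.0.2.2 never answers.
    selector = GgsnSelector(["192.0.2.1", "192.0.2.2", "192.0.2.3"])
    transport = lambda peer: peer != "192.0.2.2"
    chosen = [selector.create_session(transport) for _ in range(4)]
    dead = selector.paths[1]
    return chosen, dead.up, dead.sent
```

Under these assumptions the silent GGSN receives six transmissions (one request plus five retransmissions) before its path is marked down, after which sessions alternate between the two remaining peers.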