- Enterasys Security Router User's Guide
VPN Configuration Overview
XSR User’s Guide 14-31
Issuer: C=US, O=sml, CN=ldapca
Valid From: 2002 Aug 5th, 12:40:46 GMT
Valid To: 2004 Aug 5th, 12:48:15 GMT
Subject: C=US, O=sml, CN=ldapca
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Certificate Size: 1157 bytes
RA KeyEncipher Certificate - ldapca-rae
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128935273366930063530
Issuer: C=US, O=sml, CN=ldapca
Valid From: 2002 Sep 20th, 14:07:34 GMT
Valid To: 2004 Aug 5th, 16:16:08 GMT
Subject: C=US, O=sml.com, CN=sml_requestor
Fingerprint: F1279D63 AFFC3D93 48E5F311 73A1D16F
Certificate Size: 1695 bytes
RA Signature Certificate - ldapca-ras
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128729515158954573993
Issuer: C=US, O=sml, CN=ldapca
Valid From: 2002 Sep 20th, 20:45:13 GMT
Valid To: 2004 Aug 5th, 20:55:13 GMT
Subject: C=US, O=sml.com, CN=sml_requestor
Fingerprint: 91EB5A77 B5CA535A 077B65C5 65035615
Certificate Size: 1695 bytes
10. Optional. Change the enrollment retry count and period to a value matching your CA
administrator’s needs.
The following values handle “non-pending” mode at the CA when a certificate request could
time out while waiting for a response. Six requests will be issued every 10 minutes.
XSR(config)#enrollment retry count 6
XSR(config)#enrollment retry period 10
Interface VPN Options
Some configurations require the construct of virtual interfaces that represent tunnels on the XSR.
A virtual interface defined by the
interface vpn command often represents IPSec tunnels
configured automatically by EZ-IPSec. A VPN interface can also be configured as a point-to-point
or a point-to-multi-point interface with the following conditions:
•The
interface vpn [#] point-to-point command applies to Site-to-Site or EZ-IPSec
tunnels initiated by the XSR
•The
interface vpn [#] multi-point command applies to an XSR used as a gateway and
tunnel terminator