R3303-HP HSR6800 Routers Security Configuration Guide

X509v3 CRL Distribution Points:
URI:http://l00192b/CertEnroll/CA%20server.crl
URI:file://\\l00192b\CertEnroll\CA server.crl
Authority Information Access:
CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
You can also use the display pki certificate ca domain command to display more information about
the CA certificate.
IKE negotiation with RSA digital signature
Network requirements
An IPsec tunnel is set up between Router A and Router B to secure the traffic between Host A on subnet
10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
Router A and Router B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI certificate
system for identity authentication. Router A and Router B use the same CA.
Figure 82 Network diagram
Configuration procedure
1. Configure Router A: