F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

Figure 212 Network diagram
Configuration procedure
1. Configure Firewall A:
# Configure the entity DN.
<FirewallA> system-view
[FirewallA] pki entity en
[FirewallA-pki-entity-en] ip 2.2.2.1
[FirewallA-pki-entity-en] common-name firewalla
[FirewallA-pki-entity-en] quit
# Configure the PKI domain. The URL of the registration server is for illustration only.
[FirewallA] pki domain 1
[FirewallA-pki-domain-1] ca identifier CA1
[FirewallA-pki-domain-1] certificate request url http://1.1.1.100/certsrv/mscep/mscep.dll
[FirewallA-pki-domain-1] certificate request entity en
[FirewallA-pki-domain-1] ldap-server ip 1.1.1.102
# Set the registration authority to RA.
[FirewallA-pki-domain-1] certificate request from ra
# Configure the CRL distribution URL. This is not necessary if CRL checking is disabled.
[FirewallA-pki-domain-1] crl url ldap://1.1.1.102
[FirewallA-pki-domain-1] quit
# Create a local key pair using RSA.
[FirewallA] public-key local create rsa
# Request a certificate.
[FirewallA] pki retrieval-certificate ca domain 1
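
A consistency check over a saved transcript of the Firewall A steps above, as an added example that is not part of the HP guide: it groups commands by the PKI view named in each prompt, rejoins a command wrapped onto a second line, and reports a domain whose request entity is undefined or that has no CRL URL while CRL checking is not disabled. The function names are hypothetical, and treating "crl check disable" as the command that turns CRL checking off is an assumption not shown on this page.

```python
import re

# Constructed sample: abridged Firewall A session; the URL is wrapped onto a second line.
SESSION = """\
[FirewallA] pki entity en
[FirewallA-pki-entity-en] common-name firewalla
[FirewallA] pki domain 1
[FirewallA-pki-domain-1] ca identifier CA1
[FirewallA-pki-domain-1] certificate request url
http://1.1.1.100/certsrv/mscep/mscep.dll
[FirewallA-pki-domain-1] certificate request entity en
[FirewallA-pki-domain-1] crl url ldap://1.1.1.102
"""

PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")   # "[prompt] command"
VIEW = re.compile(r"-pki-(entity|domain)-(.+)$")       # view suffix of a prompt

def parse(session):  # group commands by the PKI view named in each prompt
    views, current = {"entity": {}, "domain": {}}, None
    for line in map(str.strip, session.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = PROMPT.match(line)
        if not m:  # no prompt: continuation of a wrapped command
            if current:
                current[-1] += " " + line
            continue
        view = VIEW.search(m.group(1))
        current = views[view.group(1)].setdefault(view.group(2), []) if view else None
        if current is not None:
            current.append(m.group(2))
    return views

def audit(session):
    """Return findings per PKI domain; an empty list means the transcript is consistent."""
    views, findings = parse(session), []
    for name, cmds in views["domain"].items():
        def arg(prefix):
            return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), "")
        for req in ("ca identifier", "certificate request url", "certificate request entity"):
            if not arg(req):
                findings.append(f"domain {name}: '{req}' has no value")
        entity = arg("certificate request entity")
        if entity and entity not in views["entity"]:
            findings.append(f"domain {name}: entity '{entity}' is not defined")
        # Assumption: 'crl check disable' is the command that turns CRL checking off.
        if not arg("crl url") and "crl check disable" not in cmds:
            findings.append(f"domain {name}: no 'crl url' and CRL checking not disabled")
    return findings
```

An entity counts as defined only once a command has been entered in its view, so an entity created and left empty is reported as undefined.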