F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Specify a name for the public key and enter public key view. | public-key peer keyname | N/A |
| 3. Enter public key code view. | public-key-code begin | N/A |
| 4. Configure the peer public key. | Type or copy the key | Spaces and carriage returns are allowed between characters. |
| 5. Return to public key view. | public-key-code end | When you exit public key code view, the system automatically saves the public key. |
| 6. Return to system view. | peer-public-key end | N/A |
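Because step 4 accepts spaces and carriage returns, a key typed on the local device can differ textually from the peer's display while still being the same key. The following is an added example, not part of the HP guide: it normalizes both copies, compares them, and reports the RSA modulus size. It assumes the key code is hex-encoded DER (SubjectPublicKeyInfo); the sample key is constructed, and the 2048-bit `min_bits` threshold is an assumed local policy, not a value from this guide.

```python
import hashlib, re

def key_bytes(pasted: str) -> bytes:
    """Drop the spaces/line breaks the CLI tolerates and decode the hex key code."""
    hexstr = re.sub(r"\s+", "", pasted)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hexstr):
        raise ValueError("key code must be an even number of hex digits")
    return bytes.fromhex(hexstr)

def _tlv(buf: bytes, pos: int, want: int):
    """Read one DER element at pos; return (value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected DER tag {want:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return pos, pos + length

def rsa_modulus_bits(der: bytes) -> int:
    """SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey -> modulus size."""
    start, _ = _tlv(der, 0, 0x30)                   # outer SEQUENCE
    _, alg_end = _tlv(der, start, 0x30)             # AlgorithmIdentifier
    bits_start, _ = _tlv(der, alg_end, 0x03)        # BIT STRING
    seq_start, _ = _tlv(der, bits_start + 1, 0x30)  # skip unused-bits octet
    m_start, m_end = _tlv(der, seq_start, 0x02)     # INTEGER modulus
    return int.from_bytes(der[m_start:m_end], "big").bit_length()

def check_peer_key(shown_on_peer: str, entered_locally: str, min_bits: int = 2048):
    """Return (keys_match, sha256_of_entered_key, modulus_bits, meets_min_bits)."""
    entered = key_bytes(entered_locally)
    bits = rsa_modulus_bits(entered)
    fp = hashlib.sha256(entered).hexdigest()        # compare out of band
    return key_bytes(shown_on_peer) == entered, fp, bits, bits >= min_bits

# Constructed sample: a fake 1024-bit modulus wrapped in DER, not a real key.
def _der(tag: int, body: bytes) -> bytes:
    n, size = len(body), (len(body).bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + body

_RSA = _der(0x30, _der(0x02, b"\x00" + ((1 << 1023) | 0x10001).to_bytes(128, "big"))
            + _der(0x02, b"\x01\x00\x01"))
_ALG = _der(0x30, bytes.fromhex("06092A864886F70D0101010500"))  # rsaEncryption, NULL
_HEX = _der(0x30, _ALG + _der(0x03, b"\x00" + _RSA)).hex().upper()
SHOWN_ON_A = "\n".join(_HEX[i:i + 64] for i in range(0, len(_HEX), 64))  # wrapped lines
TYPED_ON_B = " ".join(_HEX[i:i + 8] for i in range(0, len(_HEX), 8)).lower()
```

For the constructed sample, `check_peer_key(SHOWN_ON_A, TYPED_ON_B)` reports a match with a 1024-bit modulus that falls below the assumed 2048-bit threshold.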
Displaying public keys

Task: Display the local public keys.
Command: display public-key local { dsa | rsa } public [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display the specified or all peer public keys on the local device.
Command: display public-key peer [ brief | name publickey-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Public key configuration examples
Entering the peer public key on the local device
In this example, Device A or Device B is the firewall.
Network requirements
As shown in Figure 215, to prevent unauthorized access, Device B (the local device) authenticates Device A (the
peer device) through a digital signature. Before configuring authentication parameters on Device B,
configure the public key of Device A on Device B.
Configure Device B to use the RSA asymmetric key algorithm to authenticate Device A.
Manually specify the host public key of Device A's public key pair on Device B.
Figure 215 Network diagram
Configuration procedure
1. Configure Device A:
# Create local RSA key pairs on Device A, setting the modulus length to the default, 1024 bits.
<DeviceA> system-view