F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
321
[DeviceB-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100
D900
03FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E5
1E5E
353B3A9AB16C9E766BD995C669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62
DB12
5035EA326470034DC078B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A
1020
3010001
[DeviceB-pkey-key-code] public-key-code end
[DeviceB-pkey-public-key] peer-public-key end
# Display the host public key of Device A saved on Device B.
[DeviceB] display public-key peer name devicea
=====================================
Key Name : devicea
Key Type : RSA
Key Module: 1024
=====================================
Key Code:
30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F
814F
9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD
995C
669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC07
8B2B
AA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A10203010001
The output shows that the host public key of Device A saved on Device B is consistent with the one
created on Device A.
275BImporting a public key from a public key file
In this example, Device A or Device B is the firewall.
552BNetwork requirements
As shown in 926HFigure 216, to prevent illegal access, Device B (the local device) authenticates Device A (the
peer device) through a digital signature. Before configuring authentication parameters on Device B,
configure the public key of Device A on Device B.
• Configure Device B to use the asymmetric key algorithm of RSA to authenticate Device A.
• Import the host public key of Device A from the public key file to Device B.
Figure 216 Network diagram
553BConfiguration procedure
1. Create key pairs on Device A and export the host public key:
# Create local RSA key pairs on Device A, setting the modulus length to the default, 1024 bits.