F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Retrieving and displaying a CRL ························································································································ 277

Certificate request from a Windows 2003 CA server configuration example············································· 278

Certificate request from an RSA Keon CA server configuration example ····················································· 284

IKE negotiation with RSA digital signature configuration example ······························································· 288

Configuring PKI at the CLI ··········································································································································· 294

PKI configuration task list ···································································································································· 294

Configuring an entity DN ··································································································································· 294

Configuring a PKI domain ·································································································································· 296

Requesting a PKI certificate ································································································································ 297

Retrieving a certificate manually ························································································································ 299

Verifying PKI certificates ····································································································································· 299

Destroying the local RSA key pair ····················································································································· 301

Deleting a certificate ··········································································································································· 301

Configuring an access control policy ················································································································ 301

Displaying PKI ······················································································································································ 302

Certificate request from an RSA Keon CA server configuration example ····················································· 302

Certificate request from a Windows 2003 CA server configuration example············································· 305

IKE negotiation with RSA digital signature configuration example ······························································· 308

Certificate attribute-based access control policy configuration example ······················································ 311

Troubleshooting PKI ····················································································································································· 312

Failed to retrieve a CA certificate ······················································································································ 312

Failed to request a local certificate ··················································································································· 313

Failed to retrieve CRLs ········································································································································ 313

Managing public keys ············································································································································ 315

Overview ······································································································································································· 315

Configuration task list ·················································································································································· 315

Creating a local asymmetric key pair ························································································································ 316

Displaying or exporting the local host public key ···································································································· 316

Displaying and recording the host public key information ······················································································ 317

Displaying the host public key in a specific format and saving it to a file ···························································· 317

Exporting the host public key in a specific format to a file ····················································································· 317

Destroying a local asymmetric key pair ···················································································································· 318

Specifying the peer public key on the local device ·································································································· 318

Displaying public keys ················································································································································· 319

Public key configuration examples ····························································································································· 319

Entering the peer public key on the local device ····························································································· 319

Importing a public key from a public key file ··································································································· 321

Configuring SSL VPN ·············································································································································· 324

Feature and hardware compatibility ·························································································································· 324

How SSL VPN works ···················································································································································· 325

Advantages of SSL VPN ·············································································································································· 325

Configuring SSL VPN at the CLI ································································································································· 326

Configuration procedure ···································································································································· 326

SSL VPN configuration example at the CLI ······································································································· 327

Configuring SSL VPN in the Web interface ·············································································································· 328

Configuring SSL VPN gateway ·························································································································· 328

Configuring user access to SSL VPN ················································································································· 368

SSL VPN configuration example in the Web interface ··················································································· 372

Configuring AFT ······················································································································································ 390

Basic concepts ····················································································································································· 390