R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

Select torsa as the PKI domain.
Select CA as the certificate type.
Click Apply.
# Request a local certificate.
Select VPN > PKI > Certificate from the navigation tree and then click Request Cert.
Select torsa as the PKI domain.
Select Password and then type challenge-word as the password.
Click Apply.
# Retrieve the CRL.
After retrieving a local certificate, select VPN > PKI > CRL from the navigation tree.
Click Retrieve CRL for the PKI domain torsa.
Applying RSA digital signature in IKE negotiation
1. Network requirements
An IPsec tunnel is set up between Firewall A and Firewall B to secure the traffic between Host A on
subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
Firewall A and Firewall B use IKE for IPsec tunnel negotiation and RSA digital signatures from a PKI
certificate system for identity authentication.
As shown in Figure 86, Firewall A and Firewall B use different CAs. They can also use the same CA
if required.
Figure 86 Network diagram for applying RSA digital signature in IKE negotiation