R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
144
• Type 1 as the IKE proposal number.
• Select RSA Signature as the authentication method.
• Click Apply.
# Configure an IKE peer and reference the configuration of the PKI domain for the IKE peer.
• Select VPN > IKE > Peer from the navigation tree and then click Add.
• Type peer as the peer name.
• Type 3.3.3.1 as the remote IP address.
• Select PKI Domain and then select the PKI domain of 1.
• Click Apply.
b. Configure Firewall B
# Create a PKI entity.
• Select VPN > PKI > Entity from the navigation tree and then click Add.
• Type en as the PKI entity name.
• Type device-b as the common name.
• Type 3.3.3.1 as the IP address of the entity.
• Click Apply.
# Create a PKI domain.(The RA URL given here is just an example. Configure the RA URL as required.)
• Select VPN > PKI > Domain from the navigation tree and then click Add.
• Type 1 as the PKI domain name.
• Type CA2 as the CA identifier.
• Select en as the local entity.
• Select RA as the authority for certificate request.
• Type h t t p : / / 2 .1.1.1 0 0 / c e r t s r v / m s c e p / m s c e p . d l l as the URL for certificate request.
• Type 2.1.1.102 as the IP address of the LDAP server, 389 as the port number, and 2 as the version
number.
• Select Manual as the certificate request mode.
• Click Display Advanced Config to display the advanced configuration items.
• Select the Enable CRL Checking check box.
• Type ldap://2.1.1.102 as the URL for CRLs.
• Cl
ick Apply.
# Generate an RSA key pair.
• Select VPN > PKI > Certificate from the navigation tree and then click Create Key.
• Click Apply to generate an RSA key pair.
# Retrieve the CA certificate.
• Select VPN > PKI > Certificate from the navigation tree and then click Retrieve Cert.
• Select 1 as the PKI domain.
• Select CA as the certificate type.
• Click Apply.
# Request a local certificate.