R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
• Select VPN > PKI > Certificate from the navigation tree and then click Request Cert.
• Select 1 as the PKI domain.
• Click Apply.
# Retrieve the CRL.
• After retrieving a local certificate, select VPN > PKI > CRL from the navigation tree.
• Click Retrieve CRL for PKI domain 1.
# Configure IKE proposal 1, using RSA signature for identity authentication.
• Select VPN > IKE > Proposal from the navigation tree and then click Add.
• Type 1 as the IKE proposal number.
• Select RSA Signature as the authentication method.
• Click Apply.
# Configure an IKE peer and reference the configuration of the PKI domain for the IKE peer.
• Select VPN > IKE > Peer from the navigation tree and then click Add.
• Type peer as the peer name.
• Type 2.2.2.1 as the remote IP address.
• Select PKI Domain and then select PKI domain 1.
• Click Apply.
NOTE:
The configuration procedure covers only the configurations for IKE negotiation using RSA digital
signature. For an IPsec tunnel to be established, you also need to perform IPsec configurations. For more
information, see the chapter "IPsec configuration."
Configuring PKI in the CLI
Complete the following tasks to configure PKI:
Task                                                  Remarks
Configuring an entity DN                              Required
Configuring a PKI domain                              Required
Submitting a PKI certificate request:
  Submitting a certificate request in auto mode       Required. Use either approach.
  Submitting a certificate request in manual mode     Required. Use either approach.
Retrieving a certificate manually                     Optional
Configuring PKI certificate verification              Optional
Destroying a local RSA or DSA key pair                Optional
Deleting a certificate                                Optional
Configuring an access control policy                  Optional