R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
keyid:9D823258 EADFEFA2 4A663E75 F416B6F6 D41EE4FE
X509v3 CRL Distribution Points:
URI:http://l00192b/CertEnroll/CA%20server.crl
URI:file://\\l00192b\CertEnroll\CA server.crl
Authority Information Access:
CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt
CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt
1.3.6.1.4.1.311.20.2:
.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e
Signature Algorithm: sha1WithRSAEncryption
81029589 7BFA1CBD 20023136 B068840B
(Omitted)
You can also use some other display commands to view more information about the CA certificate. For
more information about the display pki certificate ca domain command, see VPN Command Reference.
Applying RSA digital signature in IKE negotiation
1. Network requirements
• An IPsec tunnel is set up between Firewall A and Firewall B to secure the traffic between Host A on
subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
• Firewall A and Firewall B use IKE for IPsec tunnel negotiation and RSA digital signature of a PKI
certificate system for identity authentication.
• As shown in Figure 89, Firewall A and Firewall B use different CAs. They might also use the same
CA as required.