R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
• After retrieving a local certificate, select VPN > Certificate Management > CRL from the navigation
tree.
Figure 197 Retrieve CRL
• Click Retrieve CRL for the PKI domain torsa.
Verifying the configuration
After the configuration, select VPN > Certificate Management > Certificate from the navigation tree to
view detailed information about the retrieved CA certificate and local certificate, or select VPN >
Certificate Management > CRL from the navigation tree to view detailed information about the retrieved
CRL.
Applying RSA digital signature in IKE negotiation
NOTE:
In this configuration example, either Device A or Device B is the firewall.
Network requirements
As shown in Figure 198:
• An IPsec tunnel is set up between Device A and Device B to secure the traffic between Host A on
subnet 10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
• Device A and Device B use IKE to negotiate the IPsec tunnel and authenticate each other with
RSA digital signatures based on PKI certificates.
• Device A and Device B use different CAs. They can also use the same CA if required.