Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
301302303304305306307308309310
299
Select RA as the authority for certificate request.
Enter h t t p : / / 2 .1.1.10 0 / c e r t s r v / m s c e p / m s c e p . d l l as the URL for certificate request.
Enter 2.1.1.102 as the IP address of the LDAP server, 389 as the port number, and 2 as the version
number.
Select Manual as the certificate request mode.
Click Advanced Configuration to display the advanced configuration items.
Select the Enable CRL Checking box.
Enter ldap://2.1.1.102 as the URL for CRLs.
Click Apply. When the system displays "Fingerprint of the root certificate not specified. No root
certificate validation will occur. Continue?", click OK to confirm.
# Generate an RSA key pair.
Select VPN > Certificate Management > Certificate from the navigation tree and then click Create
Key.
Click Apply to generate an RSA key pair.
# Retrieve the CA certificate.
Select VPN > Certificate Management > Certificate from the navigation tree and then click Retrieve
Cert.
Select 1 as the PKI domain.
Select CA as the certificate type.
Click Apply.
# Request a local certificate.
Select
VPN > C
ertificate Management > Certificate from the navigation tree and then click Request
Cert.
Select 1 as the PKI domain.
Click Apply. When the system displays "Certificate request has been submitted", click OK to
confirm.
# Retrieve the CRL.
After retrieving a local certificate, select VPN > Certificate Management > CRL from the navigation
tree.
Click Retrieve CRL of the PKI domain of 1.
# Configure IKE proposal 1, using RSA signature for identity authentication.
Select VPN > IKE > Proposal from the navigation tree and then click Add.
Enter 1 as the IKE proposal number.
Select RSA Signature as the authentication method.
Click Apply.
# Configure an IKE peer and reference the configuration of the PKI domain for the IKE peer.
Select VPN > IKE > Peer from the navigation tree and then click Add.
Enter peer as the peer name.
Select PKI Domain and then select the PKI domain of 1.
Click Apply.