R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
325
Configuring a peer public key manually
Network requirements
As shown in Figure 212, to prevent illegal access, Device B authenticates Device A through a digital
signature. Before configuring authentication parameters on Device B, configure the public key of Device
A on Device B.
• Configure Device B to use the asymmetric key algorithm of RSA for identity authentication of Device
A.
• Manually configure the host public key of Device A on Device B.
Figure 212 Network diagram
Configuration procedure
1. Configure Device A:
# Create RSA key pairs on Device A.
<DeviceA> system-view
[DeviceA] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++
++++++
++++++++
++++++++
# Display the public keys of the created RSA key pairs.
[DeviceA] display public-key local rsa public
=====================================================
Time of Key pair created: 09:50:06 2007/08/07
Key name: HOST_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F
814F9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E7
66BD995C669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA32647
0034DC078B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A10203010001
=====================================================
Time of Key pair created: 09:50:07 2007/08/07
Key name: SERVER_KEY