R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
Configuring a peer node
Configuring L2TP
Overview
Typical networking application of L2TP
Basic concepts of L2TP
L2TP tunnel modes and tunnel establishment process
L2TP features
Protocols and standards
Configuring L2TP in the Web interface
L2TP configuration task list
Enabling L2TP
Adding an L2TP group
Displaying L2TP tunnel information
L2TP configuration example
Configuring L2TP at the CLI
L2TP configuration task list
Configuring basic L2TP capability
Configuring an LAC
Configuring an LNS
Configuring L2TP connection parameters
Displaying and maintaining L2TP
Configuration example for NAS-initiated VPN
Configuration example for client-initiated VPN
Configuration example for LAC-auto-initiated VPN
Configuration example for L2TP multi-domain application
Complicated network application
Troubleshooting L2TP
Managing Certificates
Feature and hardware compatibility
PKI overview
PKI terms
Architecture of PKI
Applications of PKI
Operation of PKI
Configuring PKI in the web interface
Configuration task list
Creating a PKI entity
Creating a PKI domain
Generating an RSA key pair
Destroying the RSA key pair
Retrieving and displaying a certificate
Requesting a local certificate
Retrieving and displaying a CRL
PKI configuration examples in the web interface
Configuring a PKI entity to request a certificate from a CA (method i)
Configuring a PKI entity to request a certificate from a CA (method ii)
Applying RSA digital signature in IKE negotiation
Configuring PKI at the CLI
PKI configuration task list
Configuring an entity DN
Configuring a PKI domain
Submitting a PKI certificate request
Retrieving a certificate manually