R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
Configuring PKI certificate verification
Destroying a local RSA key pair
Deleting a certificate
Configuring an access control policy
Displaying and maintaining PKI
PKI configuration examples at the CLI
Requesting a certificate from a CA server running RSA Keon
Requesting a certificate from a CA server running Windows 2003 Server
Applying RSA digital signature in IKE negotiation
Configuring a certificate attribute-based access control policy
Troubleshooting PKI
Failed to retrieve a CA certificate
Failed to request a local certificate
Failed to retrieve CRLs
Configuration guidelines
Managing Public keys
Feature and hardware compatibility
Asymmetric key algorithm overview
Basic concepts
Key algorithm types
Asymmetric key algorithm applications
Configuring the local asymmetric key pair
Creating an asymmetric key pair
Displaying or exporting the local RSA or DSA host public key
Destroying an asymmetric key pair
Configuring a peer public key
Displaying and maintaining public keys
Public key configuration examples
Configuring a peer public key manually
Importing a peer public key from a public key file
Configuring SSL VPN
Feature and hardware compatibility
SSL VPN overview
How SSL VPN works
Advantages of SSL VPN
CLI configuration required to implement SSL VPN
Configuration prerequisites
Configuration procedure
Example of the CLI configuration required for SSL VPN
Web configuration required to implement SSL VPN
SSL VPN gateway configuration task list
Configuring the SSL VPN service
Configuring web proxy server resources
Configuring TCP application resources
Configuring IP network resources
Configuring a resource group
Configuring local users
Configuring a user group
Viewing user information
Performing basic configurations for the SSL VPN domain
Configuring authentication policies
Configuring a security policy
Customizing the SSL VPN user interface