R3303-HP 6600/HSR6600 Routers Security Configuration Guide

  Verifying PKI certificates ........................................................... 237
    Verifying PKI certificates with CRL checking ....................................... 237
    Verifying PKI certificates without CRL checking .................................... 238
  Destroying the local RSA key pair .................................................... 238
  Removing a certificate ............................................................... 238
  Configuring an access control policy ................................................. 239
  Displaying and maintaining PKI ....................................................... 239
  PKI configuration examples ........................................................... 240
    Certificate request from an RSA Keon CA server ..................................... 240
    Certificate request from a Windows 2003 CA server .................................. 243
    IKE negotiation with RSA digital signature ......................................... 246
    Certificate access control policy configuration .................................... 248
  Troubleshooting PKI .................................................................. 250
    Failed to obtain a CA certificate .................................................. 250
    Failed to request a local certificate .............................................. 250
    Failed to obtain CRLs .............................................................. 251
Configuring IPsec ...................................................................... 252
  Overview ............................................................................. 252
    Basic concepts ..................................................................... 252
    IPsec tunnel interface ............................................................. 255
    IPsec for IPv6 routing protocols ................................................... 256
    IPsec RRI .......................................................................... 256
    Protocols and standards ............................................................ 257
  FIPS compliance ...................................................................... 257
  Implementing IPsec ................................................................... 257
  Implementing ACL-based IPsec ......................................................... 258
    Configuring an ACL ................................................................. 258
    Configuring an IPsec transform set ................................................. 261
    Configuring an IPsec policy ........................................................ 262
    Applying an IPsec policy group to an interface ..................................... 268
    Enabling the encryption engine ..................................................... 268
    Enabling ACL checking of de-encapsulated IPsec packets ............................. 269
    Configuring the IPsec anti-replay function ......................................... 269
    Configuring packet information pre-extraction ...................................... 270
    Enabling invalid SPI recovery ...................................................... 270
    Configuring IPsec RRI .............................................................. 271
    Enabling IPsec packet fragmentation before/after encryption ........................ 272
  Implementing tunnel interface-based IPsec ............................................ 273
    Configuring an IPsec profile ....................................................... 273
    Configuring an IPsec tunnel interface .............................................. 275
    Enabling packet information pre-extraction on the IPsec tunnel interface ........... 277
    Applying a QoS policy to an IPsec tunnel interface ................................. 277
  Configuring IPsec for IPv6 routing protocols ......................................... 278
  Displaying and maintaining IPsec ..................................................... 278
  IPsec configuration examples ......................................................... 279
    Configuring a manual mode IPsec tunnel for IPv4 packets ............................ 279
    Configuring an IKE-based IPsec tunnel for IPv4 packets ............................. 281
    Configuring an IKE-based IPsec tunnel for IPv6 packets ............................. 283
    Configuring IPsec with IPsec tunnel interfaces ..................................... 285
    Configuring IPsec for RIPng ........................................................ 289
    Configuring IPsec RRI .............................................................. 293
Configuring IKE ........................................................................ 297
  Overview ............................................................................. 297