R2511-HP MSR Router Series Security Configuration Guide(V5)

# Request a certificate.
[RouterB] pki retrieval-certificate ca domain 1
[RouterB] pki retrieval-crl domain 1
[RouterB] pki request-certificate domain 1
# Configure IKE proposal 1, using RSA signature for identity authentication.
[RouterB] ike proposal 1
[RouterB-ike-proposal-1] authentication-method rsa-signature
[RouterB-ike-proposal-1] quit
# Specify the PKI domain for the IKE peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] certificate domain 1
NOTE:
This configuration procedure covers only the configuration for IKE negotiation using RSA digital
signatures. To establish an IPsec tunnel, you must also configure IPsec. For more
information about IPsec configuration, see "Configuring IPsec."
Certificate access control policy configuration example
Network requirements
The host accesses the router through HTTPS.
SSL is used to protect the router against unauthorized access.
Configure a certificate access control policy on the router to authenticate the host and verify the validity
of the host's certificates.
Figure 73 Network diagram
Configuration procedure
For more information about SSL configuration, see "Configuring SSL."
For more information about HTTPS configuration, see Fundamentals Configuration Guide.
NOTE:
The PKI domain to be referenced by the SSL policy must be created in advance. For information about how
to configure a PKI domain, see "Configuring a PKI domain."
1. Configure the HTTPS server.
# Configure the SSL policy for the HTTPS server.