R0106-HP MSR Router Series Security Configuration Guide(V7)
To display detailed information about the CA certificate, use the display pki certificate domain
command.
Certificate request from an RSA Keon CA server in an NAT-PT network
Network requirements
The PKI entity (Device A) in the IPv6 network wants to communicate with the CA server at the IP address
of 192.168.1.2/24 in the IPv4 network, so that:
• Device A can obtain CRLs from the CA server for verifying local certificates.
• Device A can request local certificates from the CA server.
To meet the requirements, configure an NAT-PT device (Device B) between the IPv4 and IPv6 networks.
Configure static mappings at the IPv4 network side and the IPv6 network side separately so that the IPv4
network and the IPv6 network can access each other.
Figure 70 Network diagram
Configuring the CA server
1. In this example, an RSA Keon CA server acts as the CA server. For information about configuring
an RSA Keon CA server, see "Certificate request from an RSA Keon CA server."
2. Enable local certificate publishing.
3. Configure the static route to the subnet 192.168.18.0/24 (the following describes the
configuration on the Windows XP operating system):
a. Open the cmd window.
b. Enter route add 192.168.18.0 mask 255.255.255.0 192.168.1.1.
C:\Documents and Settings\username>route add 192.168.18.0 mask 255.255.255.0 192.168.1.1
Configuring Device B
# Enable IPv6, assign an IPv6 address to interface GigabitEthernet 2/1/1, and enable NAT-PT for
the interface.
<DeviceB> system-view
[DeviceB] ipv6