3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
202 CHAPTER 12: PKI CONFIGURATION
[secblade-GigabitEthernet0/0.2] ip address 50.0.0.254 24
[secblade-GigabitEthernet0/0.2] quit
# Configure the static route.
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
[secblade] ip route-static 0.0.0.0 0 50.0.0.1
# Create IKE proposal 1 on the IPsec module. Keep the default IKE settings but use
# RSA signatures (PKI certificates) for identity authentication.
[secblade_VPN] ike proposal 1
[secblade_VPN-ike-proposal-1] authentication-method rsa-signature
[secblade_VPN-ike-proposal-1] quit
# Configure parameters for the PKI domain.
[secblade_VPN] pki domain 1
[secblade_VPN-pki-domain-1] ca identifier CA
[secblade_VPN-pki-domain-1] certificate request url http://201.1.1.1/certsrv/mscep/mscep.dll
[secblade_VPN-pki-domain-1] certificate request from ra
[secblade_VPN-pki-domain-1] certificate request entity en
[secblade_VPN-pki-domain-1] ldap-server ip 201.1.1.2
# Specify the CRL distribution point. You can omit it if CRL checking is disabled,
# but a revoked peer certificate is then still accepted.
[secblade_VPN-pki-domain-1] crl url ldap://201.1.1.2
# Configure the entity DN.
[secblade_VPN] pki entity en
[secblade_VPN-pki-entity-en] ip 50.0.0.254
[secblade_VPN-pki-entity-en] common-name secblade
[secblade_VPN-pki-entity-en] quit
# Generate the local RSA key pair; its public key goes into the certificate request.
[secblade_VPN] rsa local-key-pair create
# Retrieve the CA certificate for the domain, then request the local certificate.
[secblade_VPN] pki retrieval certificate ca domain 1
[secblade_VPN] pki request certificate 1
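As an added example (not from the 3Com manual or any 3Com tool), the following Python script parses a Comware-style "[view] command" excerpt like the one above and checks the cross-references a practitioner verifies by hand before troubleshooting an IKE negotiation that fails with certificate authentication: that the domain's `certificate request entity` names a configured entity with a common name, that the key pair and the CA certificate exist before the certificate request is issued, and that a CRL distribution point is present. The two embedded configurations are constructed inputs: the first is the page's sequence with the `quit` steps written out, the second contains typical mistakes. The check names, messages, and the note that SCEP enrollment over plain HTTP calls for out-of-band verification of the CA certificate fingerprint are this example's own.

```python
import re

# Added example: parser and lint for a Comware-style "[view] command" excerpt.
PROMPT_RE = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.+)$")
VIEW_KINDS = {"proposal": "proposals", "domain": "domains", "entity": "entities"}


def parse_config(text):
    """Rebuild IKE proposals, PKI domains/entities and the enrollment steps.
    Lines without a [prompt] (comments, command output) are ignored."""
    cfg = {"proposals": {}, "domains": {}, "entities": {},
           "keypair": False, "ca_retrieved": set(), "requests": []}
    view = None                       # (kind, name) of the current sub-view
    for raw in text.splitlines():
        m = PROMPT_RE.match(raw.strip())
        if not m:
            continue
        cmd = m.group("cmd").split()
        if cmd == ["quit"]:
            view = None
        elif cmd[0] in ("ike", "pki") and len(cmd) == 3 and cmd[1] in VIEW_KINDS:
            view = (VIEW_KINDS[cmd[1]], cmd[2])       # enter a sub-view
            cfg[view[0]].setdefault(cmd[2], {})
        elif cmd[:3] == ["rsa", "local-key-pair", "create"]:
            cfg["keypair"] = True
        elif cmd[:4] == ["pki", "retrieval", "certificate", "ca"]:
            cfg["ca_retrieved"].add(cmd[-1])          # "... domain <name>"
        elif cmd[:3] == ["pki", "request", "certificate"]:
            # record what already existed when the request was issued
            cfg["requests"].append((cmd[3], cfg["keypair"], cmd[3] in cfg["ca_retrieved"]))
        elif view is not None:
            # "ca identifier CA" -> {"ca identifier": "CA"}: the last word is the value
            cfg[view[0]][view[1]][" ".join(cmd[:-1])] = cmd[-1]
    return cfg


def lint(cfg):
    """Return 'ERROR: ...' / 'NOTE: ...' strings for the cross-reference checks."""
    out = []
    rsa = [n for n, p in cfg["proposals"].items()
           if p.get("authentication-method") == "rsa-signature"]
    if rsa and not cfg["domains"]:
        out.append(f"ERROR: proposal(s) {rsa} use rsa-signature but no PKI domain exists")
    for name, d in cfg["domains"].items():
        entity = d.get("certificate request entity")
        if entity not in cfg["entities"]:
            out.append(f"ERROR: domain {name}: entity '{entity}' is not configured")
        elif "common-name" not in cfg["entities"][entity]:
            out.append(f"ERROR: domain {name}: entity '{entity}' has no common-name")
        if "crl url" not in d:
            out.append(f"NOTE: domain {name}: no CRL distribution point, so revoked peer "
                       "certificates go undetected unless CRL checking is disabled on purpose")
        if d.get("certificate request url", "").startswith("http://"):
            out.append(f"NOTE: domain {name}: SCEP enrollment runs over plain HTTP; "
                       "verify the retrieved CA certificate fingerprint out of band")
    for dom, had_key, had_ca in cfg["requests"]:
        if dom not in cfg["domains"]:
            out.append(f"ERROR: certificate request for unknown domain {dom}")
        if not had_key:
            out.append(f"ERROR: domain {dom}: request issued before 'rsa local-key-pair create'")
        if not had_ca:
            out.append(f"ERROR: domain {dom}: request issued before the CA certificate was retrieved")
    return out


# Constructed input: the page's sequence with the 'quit' steps written out.
GOOD_CONFIG = """\
[secblade_VPN] ike proposal 1
[secblade_VPN-ike-proposal-1] authentication-method rsa-signature
[secblade_VPN-ike-proposal-1] quit
[secblade_VPN] pki domain 1
[secblade_VPN-pki-domain-1] ca identifier CA
[secblade_VPN-pki-domain-1] certificate request url http://201.1.1.1/certsrv/mscep/mscep.dll
[secblade_VPN-pki-domain-1] certificate request from ra
[secblade_VPN-pki-domain-1] certificate request entity en
[secblade_VPN-pki-domain-1] ldap-server ip 201.1.1.2
[secblade_VPN-pki-domain-1] crl url ldap://201.1.1.2
[secblade_VPN-pki-domain-1] quit
[secblade_VPN] pki entity en
[secblade_VPN-pki-entity-en] ip 50.0.0.254
[secblade_VPN-pki-entity-en] common-name secblade
[secblade_VPN-pki-entity-en] quit
[secblade_VPN] rsa local-key-pair create
[secblade_VPN] pki retrieval certificate ca domain 1
[secblade_VPN] pki request certificate 1
"""

# Constructed input with typical mistakes: entity name mismatch, no CRL
# distribution point, request issued before the key pair and CA certificate exist.
BAD_CONFIG = """\
[secblade_VPN] pki domain 1
[secblade_VPN-pki-domain-1] certificate request url http://201.1.1.1/certsrv/mscep/mscep.dll
[secblade_VPN-pki-domain-1] certificate request entity secblade
[secblade_VPN-pki-domain-1] quit
[secblade_VPN] pki entity en
[secblade_VPN-pki-entity-en] common-name secblade
[secblade_VPN-pki-entity-en] quit
[secblade_VPN] pki request certificate 1
[secblade_VPN] rsa local-key-pair create
"""
```

Run `lint(parse_config(GOOD_CONFIG))` and the only finding is the note about plain-HTTP enrollment; `BAD_CONFIG` produces three errors (unknown entity, request before key pair, request before CA certificate) plus the CRL and HTTP notes. The parser keys every sub-view setting by its command words, so a new check only needs the command text as it appears on the page.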
The configuration above covers IKE negotiation with PKI certificate authentication. To
establish an IPsec security channel for secure communication, you also need to
configure IPsec. For details, refer to "IPsec Configuration".