HP VPN Firewall Appliances VPN Configuration Guide

IKE negotiation with RSA digital signature configuration example
Network requirements
An IPsec tunnel is set up between Firewall A and Firewall B to secure the traffic between Host A on subnet
10.1.1.0/24 and Host B on subnet 11.1.1.0/24.
Firewall A and Firewall B use IKE for IPsec tunnel negotiation and authenticate each other's identity with
RSA digital signatures based on PKI certificates.
Firewall A and Firewall B use different CAs. They can also use the same CA if required.
Figure 202 Network diagram
Configuring Firewall A
1. Create a PKI entity:
a. From the navigation tree, select VPN > Certificate Management > Entity.
b. Click Add.
c. Enter en as the PKI entity name, enter device-a as the common name, enter 2.2.2.1 as the IP
address of the entity, and click Apply.