HP VPN Firewall Appliances VPN Configuration Guide
Certificate request from a Windows 2003 CA server configuration example ... 271
Certificate request from an RSA Keon CA server configuration example ... 277
IKE negotiation with RSA digital signature configuration example ... 281
Configuring PKI at the CLI ... 287
PKI configuration task list ... 287
Configuring an entity DN ... 287
Configuring a PKI domain ... 289
Requesting a PKI certificate ... 290
Retrieving a certificate manually ... 292
Verifying PKI certificates ... 293
Destroying the local RSA key pair ... 294
Deleting a certificate ... 294
Configuring an access control policy ... 294
Displaying PKI ... 295
Certificate request from an RSA Keon CA server configuration example ... 295
Certificate request from a Windows 2003 CA server configuration example ... 298
IKE negotiation with RSA digital signature configuration example ... 301
Certificate attribute-based access control policy configuration example ... 304
Troubleshooting PKI ... 305
Failed to retrieve a CA certificate ... 305
Failed to request a local certificate ... 306
Failed to retrieve CRLs ... 306
Managing public keys ... 308
Overview ... 308
Configuration task list ... 308
Creating a local asymmetric key pair ... 309
Displaying or exporting the local host public key ... 309
Displaying and recording the host public key information ... 310
Displaying the host public key in a specific format and saving it to a file ... 310
Exporting the host public key in a specific format to a file ... 311
Destroying a local asymmetric key pair ... 311
Specifying the peer public key on the local device ... 311
Displaying public keys ... 312
Public key configuration examples ... 313
Entering the peer public key on the local device ... 313
Importing a public key from a public key file ... 315
Configuring SSL VPN ... 318
Feature and hardware compatibility ... 318
Overview ... 318
How SSL VPN works ... 319
Advantages of SSL VPN ... 319
Configuring SSL VPN at the CLI ... 320
Configuration procedure ... 320
SSL VPN configuration example at the CLI ... 321
Configuring SSL VPN in the Web interface ... 322
Configuring SSL VPN gateway ... 322
Configuring user access to SSL VPN ... 362
SSL VPN configuration example in the Web interface ... 365
Configuring AFT ... 383
Overview ... 383
Basic concepts ... 383
AFT modes ... 384
AFT operation ... 385