Virtual Private Networks (VPN) IPsec
Digi Connect IT® 16/48 User Guide
247
n x509: Uses private key and X.509 certificates to authenticate with the remote peer.
a. For the private_key parameter, paste the device's private RSAkey in PEM format:
(config vpn ipsec tunnel ipsec_example)> auth private_key key
(config vpn ipsec tunnel ipsec_example)>
b. Set the private key passphrase that is used to decrypt the private key. Leave blank
if the private key is not encrypted.
(config vpn ipsec tunnel ipsec_example)> auth private_key_
passphrase passphrase
(config vpn ipsec tunnel ipsec_example)>
c. For the cert parameter, paste the local X.509 certificate in PEM format:
(config vpn ipsec tunnel ipsec_example)> auth cert certificate
(config vpn ipsec tunnel ipsec_example)>
d. Set the method for verifying the peer's X.509 certificate:
(config vpn ipsec tunnel ipsec_example)> auth peer_verify value
(config vpn ipsec tunnel ipsec_example)>
where value is either:
l cert: Uses the peer's X.509 certificate in PEM format for verification.
o
For the peer_cert parameter, paste the peer's X.509 certificate in PEM
format:
(config vpn ipsec tunnel ipsec_example)> auth peer_cert
certificate
(config vpn ipsec tunnel ipsec_example)>
l ca: Uses the Certificate Authority chain for verification.
o
For the ca_cert parameter, paste the Certificate Authority (CA) certificates.
These must include all peer certificates in the chain up to the root
CAcertificate, in PEM format.
(config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_
chain
(config vpn ipsec tunnel ipsec_example)>
11. (Optional) Configure the device to connect to its remote peer as an XAUTHclient:
a. Enable XAUTH client functionality:
(config vpn ipsec tunnel ipsec_example)> xauth_client enable true
(config vpn ipsec tunnel ipsec_example)>
b. Set the XAUTH client username:
(config vpn ipsec tunnel ipsec_example)> xauth_client username name
(config vpn ipsec tunnel ipsec_example)>
To Next Page
Loading...
Need help?
General