EasyManua.ls Logo

Digi IX20

Digi IX20
1188 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
487
ii. For Remote key, type the remote pre-shared key. This must be the same as
the local key on the remote host.
n
RSAsignature: Usesa private RSA key to authenticate with the remote peer.
i. For Private key, paste the device's private RSA key in PEMformat.
ii. Typethe Private key passphrase that is used to decrypt the private key.
Leaveblank if the private key is not encrypted.
iii. For Peer public key, paste the peer's public RSA key in PEMformat.
n
SCEP certificates: UsesSimple Certificate Enrollment Protocol (SCEP) to download
a private key, certificates, and an optional Certificate Revocation List (CRL) to the
IX20 device from a SCEPserver.
You must create the SCEPclient prior to configuring the IPsec tunnel. See Configure
a Simple Certificate Enrollment Protocol client for instructions.
i. For SCEP Client, select the SCEPclient.
n
X.509 certificate: Usesprivate key and X.509 certificatesto authenticate with the
remote peer.
i. For Private key, paste the device's private RSA key in PEMformat.
ii. Typethe Private key passphrase that is used to decrypt the private key.
Leaveblank if the private key is not encrypted.
iii. For Certificate, paste the local X.509 certificate in PEMformat.
iv. For Peer verification, select either:
l
Peer certificate: For Peer certificate, paste the peer's X.509 certificate in
PEMformat.
l
Certificate Authority: For Certificate Authority chain, paste the
Certificate Authority (CA) certificates. These must include all peer
certificates in the chain up to the root CA certificate, in PEMformat.
16. (Optional) For Management Priority, set the management priority for this IPsec tunnel. A
tunnel that is up and has the highest priority will be used for central management and direct
device access.
17. (Optional) To configure the device to connect to its remote peer as an XAUTH client:
a. Click to expand XAUTH client.
b. Click Enable.
c. Typethe Username and Password that the device will use to authenticate as an
XAUTH client with the peer.
18. (Optional) Click Enable MODECFGclient to receiveconfiguration information, such as the
private IPaddress, from the remote peer.

Table of Contents