Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
496
(config vpn ipsec tunnel ipsec_example)> auth peer_public_key
key
(config vpn ipsec tunnel ipsec_example)>
n
x509: Uses private key and X.509 certificatesto authenticate with the remote peer.
a. For the private_key parameter, paste the device's private RSA key in PEMformat:
(config vpn ipsec tunnel ipsec_example)> auth private_key key
(config vpn ipsec tunnel ipsec_example)>
b. Set the private key passphrase that is used to decrypt the private key. Leaveblank
if the private key is not encrypted.
(config vpn ipsec tunnel ipsec_example)> auth private_key_
passphrase passphrase
(config vpn ipsec tunnel ipsec_example)>
c. For the cert parameter, paste the local X.509 certificate in PEMformat:
(config vpn ipsec tunnel ipsec_example)> auth cert certificate
(config vpn ipsec tunnel ipsec_example)>
d. Set the method for verifying the peer's X.509 certificate:
(config vpn ipsec tunnel ipsec_example)> auth peer_verify value
(config vpn ipsec tunnel ipsec_example)>
where value is either:
l
cert: Usesthe peer's X.509 certificate in PEMformat for verification.
o
For the peer_cert parameter, paste the peer's X.509 certificate in PEM
format:
(config vpn ipsec tunnel ipsec_example)> auth peer_cert
certificate
(config vpn ipsec tunnel ipsec_example)>
l
ca: Usesthe Certificate Authority chain for verification.
o
For the ca_cert parameter, paste the Certificate Authority (CA) certificates.
These must include all peer certificatesin the chain up to the root
CA certificate, in PEMformat.
(config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_
chain
(config vpn ipsec tunnel ipsec_example)>
11. (Optional) Configure the device to connect to its remote peer as an XAUTH client:
a. Enable XAUTH client functionality:
(config vpn ipsec tunnel ipsec_example)> xauth_client enable true
(config vpn ipsec tunnel ipsec_example)>
To Next Page
Loading...