Virtual Private Networks (VPN) IPsec
IX20 User Guide
Depending on your device configuration, you may be presented with an Access selection
menu. Type admin to access the Admin CLI.
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. Set the IPsec debug value:
config> vpn ipsec advanced debug value
config>
where value is one of:
  - none: (Default) No debug messages are written.
  - basic_auditing: Logs basic auditing information (for example, SA up/SA down).
  - generic_control: Select this for basic debugging information.
  - detailed_control: More detailed debugging control flow.
  - raw_data: Includes raw data dumps in hexadecimal format.
  - sensitive_data: Also includes sensitive material in dumps (for example, encryption
    keys).
4. Save the configuration and apply the change:
(config)> save
Configuration saved.
>
5. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.
Configure a Simple Certificate Enrollment Protocol client
Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509
certificate deployment. You can configure the IX20 device to function as a SCEP client that will connect to
a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation
Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
Required configuration
  - Enable the SCEP client.
  - The fully-qualified domain name of the SCEP server to be used for certificate requests.
  - The challenge password provided by the SCEP server that the SCEP client will use when
    making SCEP requests.
  - The distinguished name to be used for the CSR.
Additional configuration
  - The number of days that the certificate enrollment can be renewed, prior to the request
    expiring.
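
What the challenge password and distinguished name from the Required configuration list become in an enrollment request, as an added example that is not taken from the IX20 guide: in SCEP (RFC 8894) the challenge password is carried as a challengePassword attribute inside the PKCS#10 CSR, where anyone holding the unencrypted request can read it. The example assumes the openssl command-line tool is installed; the host name, organization and password are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the PKCS#10 request a SCEP client would enroll with,
# then show what a holder of that file can read from it.
# All values below are constructed placeholders, not IX20 defaults.
SCEP_DN_CN="ix20-lab.example.com"         # assumed distinguished name (CN)
SCEP_DN_O="Example Org"                   # assumed distinguished name (O)
SCEP_CHALLENGE="constructed-challenge-1"  # assumed challenge password

# make_csr DIR: write DIR/key.pem and DIR/req.pem, readable by the owner only.
make_csr() (
    umask 077
    cat > "$1/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
attributes = attrs
[dn]
CN = $SCEP_DN_CN
O = $SCEP_DN_O
[attrs]
challengePassword = $SCEP_CHALLENGE
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/req.pem" 2>/dev/null
)

# csr_subject FILE: print the distinguished name carried in the request.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# csr_challenge FILE: print the challengePassword attribute in clear text.
csr_challenge() {
    openssl asn1parse -in "$1" 2>/dev/null |
        awk -F: '/:challengePassword$/ {hit=1; next} hit && /STRING/ {print $NF; exit}'
}

# csr_signature_ok FILE: succeed if the request is signed by its own key.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Demo in a private temporary directory that is removed afterwards.
demo() {
    tmp=$(mktemp -d) || return 1
    make_csr "$tmp" && csr_subject "$tmp/req.pem" && csr_challenge "$tmp/req.pem"
    rc=$?; rm -rf "$tmp"; return "$rc"
}
demo
```

SCEP encrypts the request to the CA for transport, so the exposure to check for is a CSR, or the configuration that produced it, left behind in logs, tickets or backups.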