Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
536
1. Select the device in Remote Manager and click Actions> Open Console, or log into the IX20
local command line as a user with full Admin access rights.
Depending on your device configuration, you may be presented with an Access selection
menu. Type admin to accessthe Admin CLI.
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. Add a new SCEPclient:
(config)> add network scep_client scep_client_name
(config network scep_client scep_client_name
)>
4. Enable the SCEPclient:
(config network scep_client scep_client_name)> enable true
(config network scep_client scep_client_name)>
5. Set the url parameter to the fully qualified domain name or IPaddressof the SCEPserver:
(config network scep_client scep_client_name)> server url
https://scep.example.com
(config network scep_client scep_client_name)>
6. (Optional) Set a CA identity string that will be understood by the certificate authority. For
example, it could be a domain name or a user name. If the certificate authority has multiple
CA certificates, this field can beused to distinguish which is required.
(config network scep_client scep_client_name)> server ca_ident string
(config network scep_client scep_client_name)>
7. Set the HTTPURL path required for accessing the certificate authority. You should leavethis
option at the default of /cgi-bin/pkiclient.exe unlessdirected by the CAto use another path.
(config network scep_client scep_client_name)> server path path
(config network scep_client scep_client_name)>
8. Set the challenge password as configured on the SCEP server:
(config network scep_client scep_client_name)> server password challenge_
password
(config network scep_client scep_client_name)>
9. Set Distinguished Name attributes:
a. Set the Domain Component:
(config network scep_client scep_client_name)> distinguished_name dc
value
(config network scep_client scep_client_name)>
b. Set the two letter Country Code:
To Next Page
Loading...