v
Configuration guidelines ···································································································································· 192
Configuring automatic certificate request ········································································································· 192
Manually requesting a certificate ······················································································································ 193
Aborting a certificate request ····································································································································· 194
Obtaining certificates ·················································································································································· 194
Configuration prerequisites ································································································································ 194
Configuration guidelines ···································································································································· 194
Configuration procedure ···································································································································· 195
Verifying PKI certificates ·············································································································································· 195
Verifying certificates with CRL checking ··········································································································· 195
Verifying certificates without CRL checking ······································································································ 196
Specifying the storage path for the certificates and CRLs ······················································································· 196
Exporting certificates ··················································································································································· 197
Removing a certificate ················································································································································· 197
Configuring a certificate access control policy ········································································································· 198
Displaying and maintaining PKI ································································································································· 199
PKI configuration examples ········································································································································· 199
Requesting a certificate from an RSA Keon CA server ···················································································· 200
Requesting a certificate from a Windows Server 2003 CA server ······························································· 202
Requesting a certificate from an OpenCA server ···························································································· 206
Certificate import and export configuration example ····················································································· 209
Troubleshooting PKI configuration ······························································································································ 214
Failed to obtain the CA certificate ····················································································································· 214
Failed to obtain local certificates ······················································································································· 215
Failed to request local certificates ····················································································································· 216
Failed to obtain CRLs ·········································································································································· 216
Failed to import the CA certificate ····················································································································· 217
Failed to import a local certificate ····················································································································· 217
Failed to export certificates ································································································································ 218
Failed to set the storage path ····························································································································· 218
Configuring IPsec ···················································································································································· 220
Overview ······································································································································································· 220
Security protocols and encapsulation modes ··································································································· 221
Security association ············································································································································· 222
Authentication and encryption ··························································································································· 223
IPsec implementation ··········································································································································· 223
Protocols and standards ····································································································································· 224
IPsec tunnel establishment ··········································································································································· 224
Implementing ACL-based IPsec ··································································································································· 225
Feature restrictions and guidelines ···················································································································· 225
ACL-based IPsec configuration task list ············································································································· 225
Configuring an ACL ············································································································································ 226
Configuring an IPsec transform set ···················································································································· 227
Configuring a manual IPsec policy···················································································································· 228
Configuring an IKE-based IPsec policy ············································································································· 230
Applying an IPsec policy to an interface ·········································································································· 234
Enabling ACL checking for de-encapsulated packets ······················································································ 234
Configuring the IPsec anti-replay function ········································································································ 235
Binding a source interface to an IPsec policy ·································································································· 236
Enabling QoS pre-classify ·································································································································· 236
Enabling logging of IPsec packets ····················································································································· 237
Configuring the DF bit of IPsec packets ············································································································ 237
Configuring IPsec for IPv6 routing protocols ············································································································· 238
Configuration task list ········································································································································· 238
To Next Page
Loading...
