  Configuring an IKEv2 keychain
  Configure global IKEv2 parameters
    Enabling the cookie challenging feature
    Configuring the IKEv2 DPD feature
    Configuring the IKEv2 NAT keepalive feature
  Displaying and maintaining IKEv2
  Troubleshooting IKEv2
    IKEv2 negotiation failed because no matching IKEv2 proposals were found
    IPsec SA negotiation failed because no matching IPsec transform sets were found
    IPsec tunnel establishment failed
Configuring SSH
  Overview
    How SSH works
    SSH authentication methods
    SSH support for Suite B
  FIPS compliance
  Configuring the device as an SSH server
    SSH server configuration task list
    Generating local key pairs
    Enabling the Stelnet server
    Enabling the SFTP server
    Enabling the SCP server
    Enabling NETCONF over SSH
    Configuring the user lines for SSH login
    Configuring a client's host public key
    Configuring an SSH user
    Configuring the SSH management parameters
    Specifying a PKI domain for the SSH server
  Configuring the device as an Stelnet client
    Stelnet client configuration task list
    Generating local key pairs
    Specifying the source IP address for SSH packets
    Establishing a connection to an Stelnet server
    Establishing a connection to an Stelnet server based on Suite B
  Configuring the device as an SFTP client
    SFTP client configuration task list
    Generating local key pairs
    Specifying the source IP address for SFTP packets
    Establishing a connection to an SFTP server
    Establishing a connection to an SFTP server based on Suite B
    Working with SFTP directories
    Working with SFTP files
    Displaying help information
    Terminating the connection with the SFTP server
  Configuring the device as an SCP client
    SCP client configuration task list
    Generating local key pairs
    Establishing a connection to an SCP server
    Establishing a connection to an SCP server based on Suite B
  Specifying algorithms for SSH2
    Specifying key exchange algorithms for SSH2
    Specifying public key algorithms for SSH2
    Specifying encryption algorithms for SSH2
    Specifying MAC algorithms for SSH2
  Displaying and maintaining SSH
  Stelnet configuration examples
    Password authentication enabled Stelnet server configuration example
    Publickey authentication enabled Stelnet server configuration example
    Password authentication enabled Stelnet client configuration example
    Publickey authentication enabled Stelnet client configuration example
    Stelnet configuration example based on 128-bit Suite B algorithms