HPE FlexNetwork 5510 HI Series

HPE FlexNetwork 5510 HI Series

551 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

324

[SwitchB-acl-ipv4-adv-3101] rule 0 permit ip source 2.2.2.2 0 destination 1.1.1.0 0

[SwitchB-acl-ipv4-adv-3101] quit

# Create an IPsec transform set named tran1.

[SwitchB] ipsec transform-set tran1

# Set the packet encapsulation mode to tunnel.

[SwitchB-ipsec-transform-set-tran1] encapsulation-mode tunnel

# Use the ESP protocol for the IPsec transform set.

[SwitchB-ipsec-transform-set-tran1] protocol esp

# Specify the encryption and authentication algorithms.

[SwitchB-ipsec-transform-set-tran1] esp encryption-algorithm des-cbc

[SwitchB-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[SwitchB-ipsec-transform-set-tran1] quit

# Create a PKI entity named entity2.

[SwitchB] pki entity entity2

# Set the common name to routerb for the PKI entity.

[SwitchB-pki-entity-entity2] common-name routerb

[SwitchB-pki-entity-entity2] quit

# Create a PKI domain named domain2.

[SwitchB] pki domain domain2

# Set the certificate request mode to auto and set the password to 123 for certificate revocation.

[SwitchB-pki-domain-domain2] certificate request mode auto password simple 123

# Set an MD5 fingerprint for verifying the validity of the CA root certificate.

[SwitchB-pki-domain-domain2] root-certificate fingerprint md5

50c7a2d282ea710a449eede6c56b102e

# Specify the trusted CA 8088.

[SwitchB-pki-domain-domain2] ca identifier 8088

# Specify the URL of the registration server for certificate request through the SCEP protocol.

This example uses http://192.168.222.1:446/eadbf9af4f2c4641e685f7a6021e7b298373feb7.

[SwitchB-pki-domain-domain2] certificate request url

http://192.168.222.1:446/eadbf9af4f2c4641e685f7a6021e7b298373feb7

# Specify the CA to accept certificate requests.

[SwitchB-pki-domain-domain2] certificate request from ca

# Specify the PKI entity for certificate request as entity2.

[SwitchB-pki-domain-domain2] certificate request entity entity2

# Specify RSA key pair rsa1 with the general purpose for certificate request.

[SwitchB-pki-domain-domain2] public-key rsa general name rsa1

[SwitchB-pki-domain-domain2] quit

# Create an IKEv2 profile named profile2.

[SwitchB] ikev2 profile profile2

# Specify the local authentication method as RSA signatures.

[SwitchB-ikev2-profile-profile2] authentication-method local rsa-signature

# Specify the remote authentication method as RSA signatures.

[SwitchB-ikev2-profile-profile2] authentication-method remote rsa-signature

# Set the local identity to FQDN name www.routerb.com.

[SwitchB-ikev2-profile-profile2] identity local fqdn www.routerb.com

# Specify the peer ID that the IKEv2 profile matches. The peer ID is FQDN name

www.switcha.com.

Table of Contents