IPsec SA negotiation failed due to invalid identity information
Configuring IKEv2
Overview
IKEv2 negotiation process
New features in IKEv2
Protocols and standards
Feature and software version compatibility
IKEv2 configuration task list
Configuring an IKEv2 profile
Configuring an IKEv2 policy
Configuring an IKEv2 proposal
Configuring an IKEv2 keychain
Configure global IKEv2 parameters
Enabling the cookie challenging feature
Configuring the IKEv2 DPD feature
Configuring the IKEv2 NAT keepalive feature
Displaying and maintaining IKEv2
IKEv2 configuration examples
IKEv2 with pre-shared key authentication configuration example
IKEv2 with RSA signature authentication configuration example
Troubleshooting IKEv2
IKEv2 negotiation failed because no matching IKEv2 proposals were found
IPsec SA negotiation failed because no matching IPsec transform sets were found
IPsec tunnel establishment failed
Configuring SSH
Overview
How SSH works
SSH authentication methods
SSH support for Suite B
Feature and software version compatibility
FIPS compliance
Configuring the device as an SSH server
SSH server configuration task list
Generating local key pairs
Enabling the Stelnet server
Enabling the SFTP server
Enabling the SCP server
Configuring NETCONF over SSH
Configuring user lines for SSH login
Configuring a client's host public key
Configuring an SSH user
Configuring the SSH management parameters
Specifying a PKI domain for the SSH server
Configuring the device as an Stelnet client
Stelnet client configuration task list
Specifying the source IP address for SSH packets
Establishing a connection to an Stelnet server
Establishing a connection to an Stelnet server based on Suite B
Configuring the device as an SFTP client
SFTP client configuration task list
Specifying the source IP address for SFTP packets
Establishing a connection to an SFTP server
Establishing a connection to an SFTP server based on Suite B
Working with SFTP directories
Working with SFTP files
Displaying help information
Terminating the connection with the SFTP server
Configuring the device as an SCP client
Establishing a connection to an SCP server
Establishing a connection to an SCP server based on Suite B