Chapter 12
Tunneling and VPNs
RUGGEDCOM ROX II
CLI User Guide
Section 12.8.3
Configuring Certificates and Keys
To configure certificates and keys for IPsec Tunnels, do the following:
1. Make sure the CLI is in Configuration mode.
2. Add a CA certificate and Certificate Revocation List (CRL). For more information, refer to Section 6.8.4.3, “Adding a CA Certificate and CRL”.
3. Add a private key. For more information, refer to Section 6.8.5.2, “Adding a Private Key”.
4. Add a certificate. For more information, refer to Section 6.8.7.3, “Adding a Certificate”.
5. Add a public key. For more information, refer to Section 6.8.6.2, “Adding a Public Key”.
6. Navigate to tunnel » ipsec » connection » {connection} » {end}, where {connection} is the name of the connection and {end} is either the left (local router) or right (remote router) connection end.
7. Configure the system public key by typing:
tunnel ipsec connection connection [ left | right ] key type certificate
Where:
• connection is the name of the connection
8. Configure the system identifier by typing:
tunnel ipsec connection connection [ left | right ] identifier type from-certificate
Where:
• connection is the name of the connection
9. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
Section 12.8.4
Viewing the IPsec Tunnel Status
To view the status of the IPsec tunnel, do the following:
1. Make sure the CLI is in Configuration mode.
2. Display the status by typing:
show ipsec status
A table or list similar to the following example appears:
status
========================================================
000 using kernel interface: netkey
000 interface lo/lo :1
000 interface lo/lo 127.0.0.1
000 interface vrf_gw0/vrf_gw0 169.254.0.1
000 interface switch.0001/switch.0001 192.168.0.2
000 interface switch.1000/switch.1000 172.30.151.38
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets: