  Aborting a certificate request
  Obtaining certificates
    Configuration prerequisites
    Configuration guidelines
    Configuration procedure
  Verifying PKI certificates
    Verifying certificates with CRL checking
    Verifying certificates without CRL checking
  Specifying the storage path for the certificates and CRLs
  Exporting certificates
  Removing a certificate
  Configuring a certificate access control policy
  Displaying and maintaining PKI
  PKI configuration examples
    Certificate request from an RSA Keon CA server
    Certificate request from a Windows 2003 CA server
    Certificate request from an OpenCA server
    Certificate import and export configuration example
  Troubleshooting PKI configuration
    Failed to obtain the CA certificate
    Failed to obtain local certificates
    Failed to request local certificates
    Failed to obtain CRLs
    Failed to import the CA certificate
    Failed to import a local certificate
    Failed to export certificates
    Failed to set the storage path
Configuring IPsec
  Overview
    Security protocols and encapsulation modes
    Security association
    Authentication and encryption
    IPsec implementation
    Protocols and standards
  IPsec tunnel establishment
  Implementing ACL-based IPsec
    Feature restrictions and guidelines
    ACL-based IPsec configuration task list
    Configuring an ACL
    Configuring an IPsec transform set
    Configuring a manual IPsec policy
    Configuring an IKE-based IPsec policy
    Applying an IPsec policy to an interface
    Enabling ACL checking for de-encapsulated packets
    Configuring the IPsec anti-replay function
    Binding a source interface to an IPsec policy
    Enabling QoS pre-classify
    Enabling logging of IPsec packets
    Configuring the DF bit of IPsec packets
  Configuring IPsec for IPv6 routing protocols
    Configuration task list
    Configuring a manual IPsec profile
  Configuring SNMP notifications for IPsec
  Displaying and maintaining IPsec