H3C Technologies H3C SecPath F1000-E User Manual

Page 10

Configuring a center node ································································································································· 224

Configuring a branch node································································································································ 227

Configuring a peer node ···································································································································· 230

Configuring L2TP ····················································································································································· 234

Overview ······································································································································································· 234

Typical networking application of L2TP ············································································································ 234

Basic concepts of L2TP ········································································································································ 235

L2TP tunnel modes and tunnel establishment process ····················································································· 237

L2TP features ························································································································································ 240

Protocols and standards ····································································································································· 240

Configuring L2TP in the Web interface ····················································································································· 241

L2TP configuration task list ································································································································· 241

Enabling L2TP ······················································································································································ 241

Adding an L2TP group ········································································································································ 242

Displaying L2TP tunnel information ··················································································································· 248

L2TP configuration example ······························································································································· 248

Configuring L2TP at the CLI ········································································································································· 253

Configuring basic L2TP capability ····················································································································· 254

Configuring an LAC ············································································································································ 255

Configuring an LNS ············································································································································ 257

Configuring L2TP connection parameters ········································································································· 261

Displaying and maintaining L2TP ······················································································································ 263

Configuration example for NAS-initiated VPN ································································································ 263

Configuration example for client-initiated VPN ································································································ 265

Configuration example for LAC-auto-initiated VPN ························································································· 267

Configuration example for L2TP multi-domain application ············································································· 269

Complicated network application ····················································································································· 273

Troubleshooting L2TP ··················································································································································· 273

Managing certificates ············································································································································· 275

Feature and hardware compatibility ·························································································································· 275

PKI overview ································································································································································· 275

PKI terms ······························································································································································· 275

Architecture of PKI ··············································································································································· 276

Applications of PKI ·············································································································································· 277

Operation of PKI ·················································································································································· 277

Configuring PKI in the Web interface ························································································································ 277

Recommended configuration procedure ··········································································································· 277

Creating a PKI entity ··········································································································································· 280

Creating a PKI domain ······································································································································· 281

Generating an RSA key pair ······························································································································ 284

Destroying the RSA key pair ······························································································································ 285

Retrieving and displaying a certificate ············································································································· 285

Requesting a local certificate ····························································································································· 286

Retrieving and displaying a CRL ························································································································ 287

PKI configuration examples in the Web interface ···································································································· 288

Certificate request from a Windows 2003 CA server configuration example············································· 288

Certificate request from an RSA Keon CA server configuration example ····················································· 294

IKE negotiation with RSA digital signature configuration example ······························································· 298

Configuring PKI at the CLI ··········································································································································· 305

PKI configuration task list ···································································································································· 305

Configuring an entity DN ··································································································································· 305

Configuring a PKI domain ·································································································································· 306

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS