Configuration guidelines ···································································································································· 192
Aborting a certificate request ····································································································································· 194
Obtaining certificates ·················································································································································· 194
Configuration prerequisites ································································································································ 194
Configuration guidelines ···································································································································· 194
Configuration procedure ···································································································································· 195
Verifying PKI certificates ·············································································································································· 195
Exporting certificates ··················································································································································· 197
Removing a certificate ················································································································································· 197
Displaying and maintaining PKI ································································································································· 199
PKI configuration examples ········································································································································· 199
Failed to obtain CRLs ·········································································································································· 216
Failed to export certificates ································································································································ 218
Failed to set the storage path ····························································································································· 218
Configuring IPsec ···················································································································································· 220
Overview ······································································································································································· 220
Security association ············································································································································· 222
Authentication and encryption ··························································································································· 223
IPsec implementation ··········································································································································· 223
Protocols and standards ····································································································································· 224
IPsec tunnel establishment ··········································································································································· 224
Implementing ACL-based IPsec ··································································································································· 225
Configuring an ACL ············································································································································ 226
Enabling QoS pre-classify ·································································································································· 236
Configuration task list ········································································································································· 238
v