IKE negotiation with DSS
1. Configure the authentication method to Digital Signature Standard (DSS)
2. Certificate validation can be done using CRLs or OCSP. OCSP supports real time
IKE negotiation with RSA
1. Configure the authentication method to RSA Signature
2. Certificate validation can be done using CRLs or OCSP. OCSP supports real time
OCSP Configuration
1. Configure OCSP Responder URL.
2. Enable OCSP
Avaya Secure Router 1000 Series Configuration Guide
R1/configure/crypto/ike/policy test1 11.1.1.1/proposal 1>
authentication-method dss-signature
certificate validation.
R1/configure/crypto/ike/policy test1 11.1.1.1/proposal 1>
authentication-method dss-signature
certificate validation.
R1/configure/crypto/ca/trustpoint ms2003> ocsp url http://
192.168.114.3:2560/
R1/configure/crypto/ike/policy test1 11.1.1.1> ocsp
OCSP enabled for this policy
IKE negotiation with DSS
December 2010
175