Applying Rsa Digital Signature In Ike Negotiation - 3Com MSR 50 Series Configuration Manual

1844 C 97: PKI C
HAPTER ONFIGURATION
Applying RSA Digital
Signature in IKE
Negotiation
Network requirements
An IPSec tunnel is set up between Router A and Router B to secure the data
■
streams between Host A on the subnet 10.1.1.0/24 and Host B on the subnet
11.1.1.0/24.
Router A and Router B use IKE for IPSec tunnel negotiation and RSA digital
■
signature of a PKI certificate system for identify authentication.
As shown in Figure
■
use the same CA as required.
Network diagram
Figure 534 Diagram for applying RSA digital signature in IKE negotiation
CA 1
1.1.1.101/32
LDAP 1
1.1.1 .102 /32
RA 1
1.1.1.100/32
Router A
S2/0
2.2 .2.1/24
Eth1/0
10 .1.1.1/24
Host A
10.1 .1.2/24
Configuration procedure
1 Configure Router A
# Configure the entity name space.
<RouterA> system-view
[RouterA] pki entity en
[RouterA-pki-entity-en] ip 2.2.2.1
[RouterA-pki-entity-en] common-name routerA
[RouterA-pki-entity-en] quit
# Configure the PKI domain. Note that the URL of the enrollment server varies by
the CA server.
534, Router A and Router B have different CAs. They may
PKI certificate system
CA 2
2.1.1.101 /32
RA 2
2.1.1.100/32
S2/0
3.3 .3.1/24
Internet
11.1.1.1/24
LDAP 2
2.1.1 .102 /32
Router B
Eth1/0
Host B
11 .1.1.2/24