Exporting certificates ··················································································································································· 111
Removing a certificate ················································································································································· 112
Displaying and maintaining PKI ································································································································· 113
PKI configuration examples ········································································································································· 113
Failed to obtain CRLs ·········································································································································· 133
Failed to export certificates ································································································································ 134
Failed to set the storage path ····························································································································· 135
Configuring IPsec ···················································································································································· 136
Overview ······································································································································································· 136
Security association ············································································································································· 138
Authentication and encryption ··························································································································· 138
IPsec implementation ··········································································································································· 139
IPsec RRI································································································································································ 140
Protocols and standards ····································································································································· 141
IPsec tunnel establishment ··········································································································································· 141
Implementing ACL-based IPsec ··································································································································· 142
Configuring an ACL ············································································································································ 143
Enabling QoS pre-classify ·································································································································· 155
Configuring IPsec RRI ·········································································································································· 157
Configuration task list ········································································································································· 158
Displaying and maintaining IPsec ······························································································································ 160
IPsec configuration examples······································································································································ 161
Configuring IPsec for RIPng ································································································································ 171
Configuring IPsec RRI ·········································································································································· 174
iv