Chapter 5
Setup and Configuration
3.
Configure one or more pre-shared keys. For more information, refer to
Shared
Key".
4.
Configure one or more encrypted connections. For more information, refer to
Connection".
Type commit and press Enter to save the changes, or type revert and press Enter to abort.
5.
Section 5.29.3
Configuring Certificates and Keys
To configure certificates and keys for IPsec Tunnels, do the following:
1.
Make sure the CLI is in Configuration mode.
2.
Add a CA certificate and Certificate Revocation List (CRL). For more information, refer to
"Adding a CA Certificate and CRL"
3.
Add a private key. For more information, refer to
4.
Add a certificate. For more information, refer to
5.
Add a public key. For more information, refer to
6.
Navigate to tunnel » ipsec » connection » {connection} » {end}, where {connection} is the name of the
connection and {end} is the either the left (local router) or right (remote router) connection end.
7.
Configure the system public key by typing:
tunnel ipsec connection connection [ left | right ] key type certificate
Where:
• connection is the name of the connection
8.
Configure the system identifier by typing:
tunnel ipsec connection connection [ left | right ] identifier type from-certificate
Where:
• connection is the name of the connection
Type commit and press Enter to save the changes, or type revert and press Enter to abort.
9.
Section 5.29.4
Viewing the IPsec Tunnel Status
To view the status of the IPsec tunnel, type:
1.
Make sure the CLI is in Configuration mode.
2.
Display the status by typing:
tunnel ipsec status
A table or list similar to the following example appears:
status
========================================================
000 using kernel interface: netkey
000 interface lo/lo ::1
460
Section 5.29.5.2, "Adding a Pre-
Section 4.7.2.2, "Adding a Private
Section 4.7.4.3, "Adding a
Section 4.7.3.2, "Adding a Public
RUGGEDCOM ROX II
CLI User Guide
Section 5.29.6.2, "Adding a
Section 4.7.1.3,
Key".
Certificate".
Key".
Configuring Certificates and Keys