Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures page 37

Aggregation services router

Hide thumbs Also See for ASR 1000 Series:

Software configuration manual (602 pages)

Configuration manual (442 pages)

Replacing (120 pages)

Table Of Contents

Table of Contents

5. Configure subject-name settings for the certificate: subject-name

CN=hostname.domain.com,OU=OU-name

Device (ca-trustpoint)#subject-name CN=asrTOE.cisco.com,OU=TAC

6. Set revocation check method: revocation-check crl

Device (ca-trustpoint)#revocation-check crl

Device (ca-trustpoint)#exit

7. Create the certificate signing request: crypto pki enroll trustpoint-name

Device (config)#crypto pki enroll ciscotest

4.6.4.2

Securely Connecting to a Certificate Authority for Certificate

Signing

The TOE must communicate with the CA for Certificate Signing over IPSEC. This

authentication will use pre-shared keys.

Following are sample instructions to configure the TOE to support an IPsec tunnel with aes

encryption, with 10.10.10.102 as the IPsec peer IP on the CA, 10.10.10.110 as the local TOE IP.

TOE-common-criteria#configure terminal

TOE-common-criteria(config)#crypto isakmp policy 1

TOE-common-criteria(config-isakmp)#encryption aes

TOE-common-criteria(config-isakmp)#authentication pre-share

TOE-common-criteria(config-isakmp)#group 14

TOE-common-criteria(config-isakmp)#lifetime 86400

TOE-common-criteria(config)#crypto isakmp key [insert 22 character preshared key]

address 10.10.10.101

TOE-common-criteria(config)#crypto ipsec transform-set sampleset esp-aes esp-sha-

hmac

TOE-common-criteria(cfg-crypto-trans)#mode tunnel

TOE-common-criteria(config)#crypto map sample 19 ipsec-isakmp

TOE-common-criteria(config-crypto-map)#set peer 10.10.10.102

TOE-common-criteria(config-crypto-map)#set transform-set sampleset

TOE-common-criteria(config-crypto-map)#set pfs group14

TOE-common-criteria(config-crypto-map)#match address 170

TOE-common-criteria(config-crypto-map)#exit

TOE-common-criteria(config)#interface g0/0

TOE-common-criteria(config-if)#ip address 10.10.10.110 255.255.255.0

TOE-common-criteria(config-if)#crypto map sample

TOE-common-criteria(config-if)#exit

TOE-common-criteria(config)# access-list 170 permit ip 10.10.10.0 0.255.255.255

10.10.10.0 0.255.255.255

Page 37 of 72

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Asr 1001 Asr 1002x Asr 1004 Asr 1006 Asr 1013 Asr 1001hx ... Show all

Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures page 37

Hide quick links:

Related Manuals for Cisco ASR 1000 Series

Related Products for Cisco ASR 1000 Series

This manual is also suitable for:

Table of Contents