Table of Contents
Advertisement
Virtual Private Networks (VPN)
d. Set the method for verifying the peer's X.509 certificate:
11. (Optional) Configure the device to connect to its remote peer as an XAUTH client:
a. Enable XAUTH client functionality:
(config vpn ipsec tunnel ipsec_example)> xauth_client enable true
(config vpn ipsec tunnel ipsec_example)>
b. Set the XAUTH client username:
(config vpn ipsec tunnel ipsec_example)> xauth_client username name
(config vpn ipsec tunnel ipsec_example)>
c. Set the XAUTH client password:
(config vpn ipsec tunnel ipsec_example)> xauth_client password pwd
(config vpn ipsec tunnel ipsec_example)>
12. (Optional) Enable MODECFG client functionality:
MODECFG client functionality configures the device to receive configuration information, such
as the private IP address, from the remote peer.
a. Enable MODECFG client functionality:
(config vpn ipsec tunnel ipsec_example)> modecfg_client enable true
(config vpn ipsec tunnel ipsec_example)>
13. Configure the local endpoint:
a. Set the method for determining the local network interface:
(config vpn ipsec tunnel ipsec_example)> local type value
(config vpn ipsec tunnel ipsec_example)>
Digi Connect IT® Mini User Guide
(config vpn ipsec tunnel ipsec_example)> auth peer_verify value
(config vpn ipsec tunnel ipsec_example)>
where value is either:
cert: Uses the peer's X.509 certificate in PEM format for verification.
l
For the peer_cert parameter, paste the peer's X.509 certificate in PEM
o
format:
(config vpn ipsec tunnel ipsec_example)> auth peer_cert certificate
(config vpn ipsec tunnel ipsec_example)>
ca: Uses the Certificate Authority chain for verification.
l
For the ca_cert parameter, paste the Certificate Authority (CA) certificates.
o
These must include all peer certificates in the chain up to the root
CA certificate, in PEM format.
(config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_chain
(config vpn ipsec tunnel ipsec_example)>
IPsec
198
Advertisement
Table of Contents
