Ericsson HL950 Administrator's Manual page 82


Multi Service Edge Device HL950
Administrator's Guide
DATA1>add security ike name=IRM1DSIPPFY768R, TYPE=INIT, mode=main,
lidt=ipv4, ridt=ipv4, etyp=des, atyp=sha1,
dhgr=modp768, pfs=true, amode=rsa, likb=10000000, lidd=10.0.1.10,
lsgw=10.0.1.10, ridd=10.0.1.11, rsgw=10.0.1.11
DATA2>add security ike name=IRM1DSIPPFY768R, type=resp, mode=main,
lidt=ipv4, ridt=ipv4, etyp=des, atyp=sha1,
dhgr=modp768, pfs=true, amode=rsa, likb=1000000, lidd=10.0.1.11,
lsgw=10.0.1.11,rsgw=10.0.1.10,ridd=10.0.1.10
Example 3:
DATA1> add security ike name=BB3DSIPPFS7PKE,
type=both,mode=main,lidt=ipv4,ridt=ipv4,etyp=3des,atyp=sha1,
dhgr=modp768,pfs=true,amode=pkey,likb=10000,pkey=qwertyuiopasdfghjklz,
lidd=10.0.1.10,lsgw=10.0.1.10,ridd=10.0.1.11,rsgw=10.0.1.11
DATA2> add security ike name=BB3DSIPPFS7PKE,
type=both,mode=main,lidt=ipv4,ridt=ipv4,etyp=3des,atyp=sha1,
dhgr=modp768,pfs=true,amode=pkey,likb=10000,pkey=qwertyuiopasdfghjklz,
lidd=10.0.1.11,lsgw=10.0.1.11,ridd=10.0.1.10,rsgw=10.0.1.10
Example 4:
DATA1> add security ike name=BBDMPFS1PKEY,
type=both,mode=main,lidt=ipv4,ridt=ipv4,etyp=3des,atyp=md5,
dhgr=modp1024,pfs=true,amode=pkey,lsgw=10.0.1.10,lidd=10.0.1.10,
rsgw=10.0.1.11,ridd=10.0.1.11,pkey=qwertyuiopasdfgh
DATA2> add security ike name=BBDMPFS1PKEY,
type=both,mode=main,lidt=ipv4,ridt=ipv4,etyp=3des,atyp=md5,
dhgr=modp1024,pfs=true,amode=pkey,lsgw=10.0.1.11,lidd=10.0.1.11,
rsgw=10.0.1.10,ridd=10.0.1.10,pkey=qwertyuiopasdfgh
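
Added example (not from the Ericsson manual): a Python check that parses the "add security ike" commands shown above, including ones wrapped in the middle of a value, flags DES, MD5, the 768-bit and 1024-bit MODP groups and a keyboard-row pre-shared key, and compares the two peers' entries. The parameter meanings (etyp, atyp, dhgr, amode, pkey, likb) are inferred from their values and are assumptions, as are the function names.

```python
import re

# Assumed meanings (not defined on this page): etyp=cipher, atyp=hash, dhgr=DH
# group, amode=auth mode, pkey=pre-shared key, likb=lifetime, l*/r*=local/remote.
WEAK = {"etyp": {"des": "single DES, 56-bit key"},
        "atyp": {"md5": "MD5 is deprecated"},
        "dhgr": {"modp768": "768-bit DH group", "modp1024": "1024-bit DH group"}}
MIRRORED = (("lidd", "ridd"), ("lsgw", "rsgw"))  # local on one peer = remote on the other
SAME = ("name", "mode", "etyp", "atyp", "dhgr", "pfs", "amode", "pkey", "likb")

def parse_ike(command):
    """Return (host, params) for one 'add security ike' command, wrapped or not."""
    m = re.match(r"\s*(\w+)>\s*add\s+security\s+ike\s+(.*)", command, re.S | re.I)
    if not m:
        raise ValueError("not an 'add security ike' command")
    params = {}
    for item in re.sub(r"\s+", "", m.group(2)).split(","):  # undo line wrapping
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {item!r}")
        key = key.lower()
        params[key] = value if key in ("name", "pkey") else value.lower()
    return m.group(1), params

def weak_settings(p):
    """List known-weak algorithm choices and a keyboard-row pre-shared key."""
    found = [f"{k}={p[k]}: {WEAK[k][p[k]]}" for k in WEAK if p.get(k) in WEAK[k]]
    key = p.get("pkey", "").lower()
    if p.get("amode") == "pkey" and key and key in "qwertyuiopasdfghjklzxcvbnm":
        found.append("pkey: keyboard-row sequence")
    return found

def peer_mismatches(a, b):
    """Compare both ends of a tunnel: addresses mirror, other values agree."""
    out = [f"{loc}/{rem} not mirrored" for loc, rem in MIRRORED
           if a.get(loc) != b.get(rem) or a.get(rem) != b.get(loc)]
    return out + [f"{k}: {a.get(k)} != {b.get(k)}" for k in SAME if a.get(k) != b.get(k)]
# Sample input: the RSA pair from this page, wrapped across lines.
RSA1 = """DATA1>add security ike name=IRM1DSIPPFY768R, TYPE=INIT, mode=main,
lidt=ipv4, ridt=ipv4, etyp=des, atyp=sha1,
dhgr=modp768, pfs=true, amode=rsa, likb=10000000, lidd=10.0.1.10,
lsgw=10.0.1.10, ridd=10.0.1.11, rsgw=10.0.1.11"""
RSA2 = """DATA2>add security ike name=IRM1DSIPPFY768R, type=resp, mode=main,
lidt=ipv4, ridt=ipv4, etyp=des, atyp=sha1,
dhgr=modp768, pfs=true, amode=rsa, likb=1000000, lidd=10.0.1.11,
lsgw=10.0.1.11,rsgw=10.0.1.10,ridd=10.0.1.10"""
if __name__ == "__main__":
    a, b = parse_ike(RSA1)[1], parse_ike(RSA2)[1]
    print(weak_settings(a), peer_mismatches(a, b))
```

Run on the RSA pair, it reports etyp=des and dhgr=modp768 and shows that likb is 10000000 on DATA1 but 1000000 on DATA2.
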
4.6.3.3 CERTIFICATE
The SECURITY CERTIFICATE command is used to control the Certificate service.
Digital certificates are strings issued by Certification Authorities (CAs) to authenticate a person or a workstation uniquely. They are generated using encryption and authentication schemes, and cannot be duplicated by anyone without access to the values used to produce the string. The HL950 uses these certificates to authenticate users at the end points during the IKE key establishment process.
Certificates can be obtained from any of the several established CAs by providing the CA with the particulars of the user being identified. The information to be provided may include the user's name, e-mail ID, domain name, etc.
Certificates can be added to the HL950 and then used to form IKE policies for the user. Once a certificate is established for a user and the corresponding IKE policy is added, whenever the user tries to send traffic through the HL950 the certificates are used in place of pre-shared keys during the initial key exchange as the authentication and key generation mechanism. Once the keys are
EN/LZT 108 5995 R3
June 2003
Page 82 (159)
