Configure A Simple Certificate Enrollment Protocol Client - Digi TX54 User Manual


Virtual Private Networks (VPN)
-1 — (Default) No debug information is written. This is the equivalent of turning off debug messages for IPsec.
0 — Basic auditing logs (for example, SA up/SA down).
1 — Generic control flow with errors. Select this for basic debugging information.
2 — More detailed debugging control flow.
3 — Includes RAW data dumps in hexadecimal format.
4 — Also includes sensitive material in dumps (for example, encryption keys).
To access the shell menu option, you must have shell access enabled. See Authentication groups for
information about configuring authentication groups that include shell access.
  Command line
1. Log into the TX54 command line as a user with shell access.
Depending on your device configuration, you may be presented with an Access selection
menu. Type shell to access the device shell.
2. At the shell prompt, execute the following command:
# ipsec stroke loglevel ike debug_level
#
where debug_level is one of the following:
-1 — (Default) No debug information is written. This is the equivalent of turning off debug messages for IPsec.
0 — Basic auditing logs (for example, SA up/SA down).
1 — Generic control flow with errors. Select this for basic debugging information.
2 — More detailed debugging control flow.
3 — Includes RAW data dumps in hexadecimal format.
4 — Also includes sensitive material in dumps (for example, encryption keys).
3. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.
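
The helper below is an added example, not part of the Digi manual. It wraps the command from step 2 so that a debug session is time-boxed and the level always returns to the documented default of -1, and it refuses levels 3 and 4 (raw dumps, key material) unless explicitly allowed. The function names and the --allow-sensitive flag are hypothetical; it assumes a POSIX shell with ipsec on the PATH.

```sh
#!/bin/sh
# Added example (not from the Digi manual): time-boxed IKE debug logging.
# Function names and the --allow-sensitive flag are hypothetical.

IKE_DEFAULT_LEVEL=-1   # documented default: no debug information is written

# classify_level LEVEL
# Prints "ok", "raw" or "secret" for a documented level; returns 1 otherwise.
classify_level() {
    case "$1" in
        -1|0|1|2) echo ok ;;
        3)        echo raw ;;      # RAW data dumps in hexadecimal format
        4)        echo secret ;;   # dumps include encryption keys
        *)        return 1 ;;
    esac
}

# ike_debug_window LEVEL SECONDS [--allow-sensitive]
# Raises the IKE log level for SECONDS, then restores the default.
# Return codes: 2 bad argument, 3 sensitive level refused, 4 command failed.
ike_debug_window() {
    level=$1; seconds=$2; allow=${3:-}
    kind=$(classify_level "$level") || {
        echo "invalid level: $level" >&2; return 2; }
    case "$seconds" in
        ''|*[!0-9]*) echo "invalid duration: $seconds" >&2; return 2 ;;
    esac
    if [ "$kind" != ok ] && [ "$allow" != "--allow-sensitive" ]; then
        echo "level $level logs $kind data; pass --allow-sensitive" >&2
        return 3
    fi
    # Ctrl-C ends the wait early; the reset below still runs.
    trap ':' INT
    ipsec stroke loglevel ike "$level" || { trap - INT; return 4; }
    sleep "$seconds"
    ipsec stroke loglevel ike "$IKE_DEFAULT_LEVEL"
    rc=$?
    trap - INT
    return $rc
}
```

Source the file in the device shell and run, for example, `ike_debug_window 2 120`. Logs captured at level 3 or 4 should be treated as containing key material and handled accordingly.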

Configure a Simple Certificate Enrollment Protocol client

Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509
certificate deployment. You can configure the TX54 device to function as a SCEP client that connects to
a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation
Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
Required configuration
Enable the SCEP client.
The fully-qualified domain name of the SCEP server to be used for certificate requests.
The challenge password provided by the SCEP server that the SCEP client will use when making SCEP requests.