Table of Contents
Advertisement
Virtual Private Networks (VPN)
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. Set the IPsec debug value:
config> vpn ipsec advanced debug value
config>
where value is one of:
none. (Default) No debug messages are written.
n
basic_auditing: Logs basic auditing information, (for example, SA up/SA down).
n
generic_control: Select this for basic debugging information.
n
detailed_control: More detailed debugging control flow.
n
raw_data: Includes raw data dumps in hexadecimal format.
n
sensitive_data: Also includes sensitive material in dumps (for example, encryption
n
keys).
4. Save the configuration and apply the change:
(config)> save
Configuration saved.
>
5. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.
Configure a Simple Certificate Enrollment Protocol client
Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509
certificate deployment. You can configure TX54 device to function as a SCEP client that will connect to
a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation
Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
Required configuration
Enable the SCEP client.
n
The fully-qualified domain name of the SCEP server to be used for certificate requests.
n
The challenge password provided by the SCEP server that the SCEP client will use when
n
making SCEP requests.
The distinguished name to be used for the CSR.
n
The file name of the Certificate Revocation List (CRL) from the Certificate Authority (CA).
n
Additional configuration
The number of days that the certificate enrollment can be renewed, prior to the request
n
expiring.
TX54 User Guide
IPsec
442
Advertisement
Table of Contents
