Table of Contents
Advertisement
Virtual Private Networks (VPN)
x509: Uses private key and X.509 certificates to authenticate with the remote peer.
n
a. For the private_key parameter, paste the device's private RSA key in PEM format:
b. Set the private key passphrase that is used to decrypt the private key. Leave blank
c. For the cert parameter, paste the local X.509 certificate in PEM format:
d. Set the method for verifying the peer's X.509 certificate:
11. (Optional) Configure the device to connect to its remote peer as an XAUTH client:
a. Enable XAUTH client functionality:
(config vpn ipsec tunnel ipsec_example)> xauth_client enable true
(config vpn ipsec tunnel ipsec_example)>
Digi Connect EZ Mini User Guide
(config vpn ipsec tunnel ipsec_example)> auth peer_public_key
key
(config vpn ipsec tunnel ipsec_example)>
(config vpn ipsec tunnel ipsec_example)> auth private_key key
(config vpn ipsec tunnel ipsec_example)>
if the private key is not encrypted.
(config vpn ipsec tunnel ipsec_example)> auth private_key_
passphrase passphrase
(config vpn ipsec tunnel ipsec_example)>
(config vpn ipsec tunnel ipsec_example)> auth cert certificate
(config vpn ipsec tunnel ipsec_example)>
(config vpn ipsec tunnel ipsec_example)> auth peer_verify value
(config vpn ipsec tunnel ipsec_example)>
where value is either:
cert: Uses the peer's X.509 certificate in PEM format for verification.
l
o
For the peer_cert parameter, paste the peer's X.509 certificate in PEM
format:
(config vpn ipsec tunnel ipsec_example)> auth peer_cert
certificate
(config vpn ipsec tunnel ipsec_example)>
ca: Uses the Certificate Authority chain for verification.
l
For the ca_cert parameter, paste the Certificate Authority (CA) certificates.
o
These must include all peer certificates in the chain up to the root
CA certificate, in PEM format.
(config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_
chain
(config vpn ipsec tunnel ipsec_example)>
IPsec
137
Advertisement
Table of Contents
