Table of Contents
Advertisement
Virtual Private Networks (VPN)
1. Log into the Connect EZ command line as a user with full Admin access rights.
Depending on your device configuration, you may be presented with an Access selection
menu. Type admin to access the Admin CLI.
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. Set the IPsec debug value:
config> vpn ipsec advanced debug value
config>
where value is one of:
none. (Default) No debug messages are written.
n
basic_auditing: Logs basic auditing information, (for example, SA up/SA down).
n
generic_control: Select this for basic debugging information.
n
detailed_control: More detailed debugging control flow.
n
raw_data: Includes raw data dumps in hexadecimal format.
n
sensitive_data: Also includes sensitive material in dumps (for example, encryption
n
keys).
4. Save the configuration and apply the change:
(config)> save
Configuration saved.
>
5. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.
Configure a Simple Certificate Enrollment Protocol client
Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509
certificate deployment. You can configure Connect EZ device to function as a SCEP client that will
connect to a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate
Revocation Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
Required configuration
Enable the SCEP client.
n
The fully-qualified domain name of the SCEP server to be used for certificate requests.
n
The challenge password provided by the SCEP server that the SCEP client will use when
n
making SCEP requests.
The distinguished name to be used for the CSR.
n
The file name of the Certificate Revocation List (CRL) from the Certificate Authority (CA).
n
Digi Connect EZ Mini User Guide
IPsec
162
Advertisement
Table of Contents
