Table of Contents
Advertisement
Virtual Private Networks (VPN)
n
x509: Uses private key and X.509 certificates to authenticate with the remote peer.
a. For the private_key parameter, paste the device's private RSA key in PEM format:
b. Set the private key passphrase that is used to decrypt the private key. Leave blank
c. For the cert parameter, paste the local X.509 certificate in PEM format:
d. Set the method for verifying the peer's X.509 certificate:
11. (Optional) Configure the device to connect to its remote peer as an XAUTH client:
a. Enable XAUTH client functionality:
(config vpn ipsec tunnel ipsec_example)> xauth_client enable true
(config vpn ipsec tunnel ipsec_example)>
IX20 User Guide
(config vpn ipsec tunnel ipsec_example)> auth peer_public_key
key
(config vpn ipsec tunnel ipsec_example)>
(config vpn ipsec tunnel ipsec_example)> auth private_key key
(config vpn ipsec tunnel ipsec_example)>
if the private key is not encrypted.
(config vpn ipsec tunnel ipsec_example)> auth private_key_
passphrase passphrase
(config vpn ipsec tunnel ipsec_example)>
(config vpn ipsec tunnel ipsec_example)> auth cert certificate
(config vpn ipsec tunnel ipsec_example)>
(config vpn ipsec tunnel ipsec_example)> auth peer_verify value
(config vpn ipsec tunnel ipsec_example)>
where value is either:
cert: Uses the peer's X.509 certificate in PEM format for verification.
l
o
For the peer_cert parameter, paste the peer's X.509 certificate in PEM
format:
(config vpn ipsec tunnel ipsec_example)> auth peer_cert
certificate
(config vpn ipsec tunnel ipsec_example)>
ca: Uses the Certificate Authority chain for verification.
l
o
For the ca_cert parameter, paste the Certificate Authority (CA) certificates.
These must include all peer certificates in the chain up to the root
CA certificate, in PEM format.
(config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_
chain
(config vpn ipsec tunnel ipsec_example)>
IPsec
495
Advertisement
Table of Contents
