Juniper JUNOSE 11.0.X IP SERVICES Configuration Manual page 259

For E Series Broadband Services Routers - IP Services Configuration

public keys are exchanged in messages containing an X.509v3 digital certificate. As
an alternative, however, you can configure and exchange peer public keys and use
them for RSA authentication without having to obtain a digital certificate.
To configure and exchange peer public keys without obtaining a digital certificate:
1. Generate the RSA key pair on the router.
host1(config)#ipsec key generate rsa 1024
Please wait...
IPsec Generate Keys complete
2. In your IKE policy, set the authentication method to RSA signature.
host1(config)#ipsec ike-policy-rule 1
host1(config-ike-policy)#authentication rsa-sig
host1(config-ike-policy)#exit
host1(config)#exit
NOTE: For more information about setting up IKE policies, see "Defining an IKE
Policy" on page 156 in "Configuring IPSec" on page 125.
3. Display the router's public key.
host1#show ipsec key mypubkey rsa
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00daaa65
8082ac0a ec42e552 10e3489b 37463ed8 9bfa2541 f46a7b30 0e908749 5b652ae5
ae604e9a 81bc3268 270e7f68 69ffd2a8 be268afa 92849fd0 4e8c96be 3eddf1c2
12d9fe7a 68e8507c 99b59ff3 bb0c3942 b0a90c76 3ae3acbb 4a777037 31527ea0
23693bdc e5393c6f 2ef3e7e7 bb1a308e d42ce0ad a095273e d718384c dd020301
0001
For information about the format of an RSA public key, see "Public Key Format"
on page 221.
4. Use the output from the show ipsec key mypubkey rsa command to provide
information to the remote peer about the public key configured on the E Series
router. Providing this information enables the remote peer to enter the router's
public key on its own system.
The show ipsec key mypubkey rsa command enables you to display the contents
of the router's public key without having to obtain a digital certificate.
5. Obtain the public key from the remote peer.
For example, you might receive an e-mail message from the remote peer
containing the public key information.
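The following Python script is an added example; it is not part of the Juniper manual or of JUNOSe. It takes the hex dump printed in step 3 (the sample output decodes as a DER-encoded SubjectPublicKeyInfo carrying the rsaEncryption OID), recovers the modulus and public exponent, checks that the key size matches the 1024 bits requested in step 1, and derives a SHA-256 fingerprint of the DER bytes. A key received by e-mail has no certificate binding it to the peer, so reading the fingerprint back to the peer over a second channel before entering the key in step 6 is the check that the key was not altered in transit. The key embedded in the script is the page's own sample output; the function names, the minimal DER decoder, and the choice of SHA-256 are the example's own.

```python
"""Parse the hex dump printed by `show ipsec key mypubkey rsa` and derive
a fingerprint that both IKE peers can compare over a second channel.
Added example; not Juniper code. Uses only the standard library."""
import hashlib
import re

# Sample output copied from the manual page (the router's own public key as
# printed by `show ipsec key mypubkey rsa`), not a key from any deployment.
SAMPLE_OUTPUT = """\
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00daaa65
8082ac0a ec42e552 10e3489b 37463ed8 9bfa2541 f46a7b30 0e908749 5b652ae5
ae604e9a 81bc3268 270e7f68 69ffd2a8 be268afa 92849fd0 4e8c96be 3eddf1c2
12d9fe7a 68e8507c 99b59ff3 bb0c3942 b0a90c76 3ae3acbb 4a777037 31527ea0
23693bdc e5393c6f 2ef3e7e7 bb1a308e d42ce0ad a095273e d718384c dd020301
0001
"""

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def hexdump_to_der(text):
    """Strip the CLI's whitespace and return the raw DER bytes."""
    return bytes.fromhex(re.sub(r"\s+", "", text))


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def parse_rsa_public_key(der):
    """Return (modulus, exponent) from a DER SubjectPublicKeyInfo for rsaEncryption."""
    tag, spki, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    tag, alg, pos = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    oid_tag, oid, _ = _read_tlv(alg, 0)
    if oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("algorithm is not rsaEncryption")
    tag, bitstr, _ = _read_tlv(spki, pos)
    if tag != 0x03 or bitstr[0] != 0:  # first octet = count of unused bits
        raise ValueError("malformed BIT STRING")
    tag, rsa_seq, _ = _read_tlv(bitstr, 1)
    if tag != 0x30:
        raise ValueError("missing RSAPublicKey SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(rsa_seq, 0)
    tag_e, e_bytes, _ = _read_tlv(rsa_seq, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("modulus and exponent must be INTEGERs")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def fingerprint(der):
    """SHA-256 over the DER bytes, colon-separated, for out-of-band comparison."""
    digest = hashlib.sha256(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_peer_key(text, expected_bits=1024):
    """Validate a key received from a peer before entering it on the router."""
    der = hexdump_to_der(text)
    n, e = parse_rsa_public_key(der)
    if n.bit_length() != expected_bits:
        raise ValueError(f"expected {expected_bits}-bit modulus, got {n.bit_length()}")
    if n % 2 == 0 or e < 3 or e % 2 == 0:  # an RSA modulus and exponent are odd
        raise ValueError("implausible RSA parameters")
    return {"bits": n.bit_length(), "exponent": e, "fingerprint": fingerprint(der)}


if __name__ == "__main__":
    info = check_peer_key(SAMPLE_OUTPUT)
    print(f"RSA-{info['bits']} e={info['exponent']} SHA256 {info['fingerprint']}")
```

Run the script on the dump you received and on the dump the peer reads from its own show ipsec key mypubkey rsa output; the two fingerprints must match before the key is configured in step 6. The expected_bits argument lets you reject a key whose size differs from what your IKE policy and the ipsec key generate rsa command were set up for.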
6. Configure the public key for the remote IKE peer.
a. Access IPSec Peer Public Key Configuration mode.
You must identify the remote peer associated with the public key by
specifying the remote peer's IP address, fully qualified domain name (FQDN),
or FQDN preceded by an optional user@ specification. For example, the
following command enables you to enter the peer public key for the remote
peer identified by IP address 192.168.15.5.
Chapter 8: Configuring Digital Certificates
Configuring Peer Public Keys Without Digital Certificates
233