authentication
Copyright © 2010, Juniper Networks, Inc.
Providing this information enables the remote peer to enter the router's public key
on its own system.
The show ipsec key mypubkey rsa command enables you to display the contents
of the router's public key without having to obtain a digital certificate.
5. Obtain the public key from the remote peer.
For example, you might receive an e-mail message from the remote peer containing
the public key information.
6. Configure the public key for the remote IKE peer.
a. Access IPSec Peer Public Key Configuration mode.
You must identify the remote peer associated with the public key by specifying
the remote peer's IP address, fully qualified domain name (FQDN), or FQDN
preceded by an optional user@ specification. For example, the following
command enables you to enter the peer public key for the remote peer identified
by IP address 192.168.15.5.
host1(config)#ipsec key pubkey-chain rsa address 192.168.15.5
host1(config-peer-public-key)#
b. Enter the peer public key that you obtained in Step 5.
host1(config-peer-public-key)#key-string "
Enter remainder of text message. End with the character '"'.
30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101
00effc6f d91cbf23 5de66454 420db27a 0bacfc92 63a54e60 587c3e1c 951be4e8
09e7d130 da924040 0ceb797c ddc0df10 dabeb3fc a17145ff 6e7ff977 68ac0698
748d30f4 478252ed 29bf3e4e a6657cc8 cfaf1de4 e7dc2473 33231286 0ecfb15b
4aac505b 255f17ca faf884ca f0402022 5ad6f446 e0f3fb1e d48bbc00 5d4fe9b6
35f88b53 1bf4f07c b168e47b b7143181 5bad4586 0abb7b03 6dba9668 b45e3714
0b64ca82 3a53f69b 357a7d41 f512da37 71901b14 08212648 277f6d38 6bc34164
8c3ac8d4 d9c8baac dc006dac 8c09ce37 44a5d124 b69fec24 df0fc3a8 98e6efc8
5a1d65eb e4b832ba adc26c63 1996fe37 e797ecff 6e2acdd6 0981ef2c 3dd2f506
01020301 0001"
c. (Optional) Verify the peer public key configuration.
host1#show ipsec key pubkey-chain rsa address 192.168.15.5
30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101
00effc6f d91cbf23 5de66454 420db27a 0bacfc92 63a54e60 587c3e1c 951be4e8
09e7d130 da924040 0ceb797c ddc0df10 dabeb3fc a17145ff 6e7ff977 68ac0698
748d30f4 478252ed 29bf3e4e a6657cc8 cfaf1de4 e7dc2473 33231286 0ecfb15b
4aac505b 255f17ca faf884ca f0402022 5ad6f446 e0f3fb1e d48bbc00 5d4fe9b6
35f88b53 1bf4f07c b168e47b b7143181 5bad4586 0abb7b03 6dba9668 b45e3714
0b64ca82 3a53f69b 357a7d41 f512da37 71901b14 08212648 277f6d38 6bc34164
8c3ac8d4 d9c8baac dc006dac 8c09ce37 44a5d124 b69fec24 df0fc3a8 98e6efc8
5a1d65eb e4b832ba adc26c63 1996fe37 e797ecff 6e2acdd6 0981ef2c 3dd2f506
01020301 0001
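
Added example, not part of the Juniper documentation: because Step 5 may deliver the key by e-mail, this Python parser checks that a pasted key-string is a complete DER-encoded RSA SubjectPublicKeyInfo and returns a SHA-256 fingerprint to compare with the remote peer over a separate channel before entering it in Step 6b. The function names and the fingerprint comparison are assumptions of this example, not router features; the sample input is the key shown above.

```python
import hashlib

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

# The key-string from Step 6b above, copied as displayed (hex groups, any whitespace)
PAGE_KEY = """
30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101
00effc6f d91cbf23 5de66454 420db27a 0bacfc92 63a54e60 587c3e1c 951be4e8
09e7d130 da924040 0ceb797c ddc0df10 dabeb3fc a17145ff 6e7ff977 68ac0698
748d30f4 478252ed 29bf3e4e a6657cc8 cfaf1de4 e7dc2473 33231286 0ecfb15b
4aac505b 255f17ca faf884ca f0402022 5ad6f446 e0f3fb1e d48bbc00 5d4fe9b6
35f88b53 1bf4f07c b168e47b b7143181 5bad4586 0abb7b03 6dba9668 b45e3714
0b64ca82 3a53f69b 357a7d41 f512da37 71901b14 08212648 277f6d38 6bc34164
8c3ac8d4 d9c8baac dc006dac 8c09ce37 44a5d124 b69fec24 df0fc3a8 98e6efc8
5a1d65eb e4b832ba adc26c63 1996fe37 e797ecff 6e2acdd6 0981ef2c 3dd2f506
01020301 0001
"""

def read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated: fewer bytes pasted than the DER length claims")
    return buf[pos:pos + length], pos + length

def inspect_key_string(text):
    """Return (modulus_bits, public_exponent, sha256_hex) for a pasted key-string."""
    der = bytes.fromhex("".join(text.split()))
    spki, end = read_tlv(der, 0, 0x30)               # SubjectPublicKeyInfo SEQUENCE
    if end != len(der) or not spki.startswith(RSA_ALG_ID):
        raise ValueError("not a single rsaEncryption SubjectPublicKeyInfo")
    bits, _ = read_tlv(spki, len(RSA_ALG_ID), 0x03)  # BIT STRING wrapping the key
    if bits[:1] != b"\x00":
        raise ValueError("unexpected unused-bits count in BIT STRING")
    rsa_key, _ = read_tlv(bits, 1, 0x30)             # RSAPublicKey SEQUENCE
    modulus, pos = read_tlv(rsa_key, 0, 0x02)        # INTEGER n
    exponent, _ = read_tlv(rsa_key, pos, 0x02)       # INTEGER e
    n_bits = int.from_bytes(modulus, "big").bit_length()
    return n_bits, int.from_bytes(exponent, "big"), hashlib.sha256(der).hexdigest()

if __name__ == "__main__":
    n_bits, e, fp = inspect_key_string(PAGE_KEY)
    print(f"RSA {n_bits}-bit, e={e}, sha256={fp}")
```

Running the same function over the output of the show command in Step 6c and getting the same fingerprint confirms that the router stored the key you verified.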
Chapter 8: Configuring Digital Certificates