3Com Router 3000 Ethernet Family
Configuration Guide
II. Network diagram
[Network diagram, Router A side: Router A (e0 10.1.1.1) connects to PC A (10.1.1.2).]
Figure 9-2 IKE authentication with PKI certificate
III. Configuration procedures
1) Configure Router A:
# Use the default IKE policy on Router A and enable PKI (rsa-signature) to authenticate identity.
[RouterA] ike proposal 1
[RouterA-ike-proposal-1] authentication-method rsa-signature
[RouterA-ike-proposal-1] quit
# Configure parameters on PKI domain.
[RouterA] pki domain 1
[RouterA-pki-domain-1] ca identifier CA1
[RouterA-pki-domain-1] certificate request url http://1.1.1.100/certsrv/mscep/mscep.dll
[RouterA-pki-domain-1] certificate request entity en
[RouterA-pki-domain-1] ldap-server ip 1.1.1.102
# Configure CRL distribution point location (if CRL check is disabled, this configuration is not necessary).
[RouterA-pki-domain-1] crl url ldap://1.1.1.102
[RouterA-pki-domain-1] quit
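A review check for the Router A session above, as an added example that is not part of the 3Com guide: it parses a prompt-prefixed transcript into views and reports PKI domain parameters that are absent when an IKE proposal uses rsa-signature. The expected parameter list is an assumption taken from this page's example, not from the product's command reference, and the function names are hypothetical.

```python
import re

# Constructed sample: the Router A session from this page as one transcript.
SAMPLE = """\
[RouterA] ike proposal 1
[RouterA-ike-proposal-1] authentication-method rsa-signature
[RouterA-ike-proposal-1] quit
[RouterA] pki domain 1
[RouterA-pki-domain-1] ca identifier CA1
[RouterA-pki-domain-1] certificate request url http://1.1.1.100/certsrv/mscep/mscep.dll
[RouterA-pki-domain-1] certificate request entity en
[RouterA-pki-domain-1] ldap-server ip 1.1.1.102
[RouterA-pki-domain-1] crl url ldap://1.1.1.102
[RouterA-pki-domain-1] quit
"""

# Assumption: the parameters this page's example sets are the expected set.
EXPECTED = ("ca identifier", "certificate request url",
            "certificate request entity", "ldap-server ip", "crl url")
# Prompt is "[host]" or "[host-view]"; assumes the hostname has no hyphen.
PROMPT = re.compile(r"^\[(?P<host>[^\]-]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.*)$")

def parse(transcript):
    """Group commands by the view named in the prompt ('' is system view)."""
    views = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m["cmd"] and m["cmd"] != "quit":
            views.setdefault(m["view"] or "", []).append(m["cmd"])
    return views

def audit(transcript):
    """Return findings for rsa-signature IKE without a complete PKI domain."""
    views = parse(transcript)
    findings = []
    uses_rsa = any("authentication-method rsa-signature" in cmds
                   for v, cmds in views.items() if v.startswith("ike-proposal-"))
    domains = {v: c for v, c in views.items() if v.startswith("pki-domain-")}
    if uses_rsa and not domains:
        findings.append("rsa-signature proposal but no pki domain configured")
    for view, cmds in domains.items():
        for key in EXPECTED:
            if any(c.startswith(key + " ") for c in cmds):
                continue
            note = " (acceptable only if CRL check is disabled)" if key == "crl url" else ""
            findings.append(f"{view}: no '{key}'{note}")
    return findings
```
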
[Network diagram, remaining labels: PKI Certificate System with CA1 (1.1.1.101), RA1 (1.1.1.100) and LDAP1 (1.1.1.102); Router A s0 202.38.163.1; Internet; PKI Certificate System with CA2 (2.1.1.101), RA2 (2.1.1.100) and LDAP2 (2.1.1.102); Router B s0 202.38.162.1, e0 10.1.2.1; PC B 10.1.2.2.]