1844 CHAPTER 97: PKI CONFIGURATION
Applying RSA Digital Signature in IKE Negotiation
Network requirements
■ An IPSec tunnel is set up between Router A and Router B to secure the data streams between Host A on the subnet 10.1.1.0/24 and Host B on the subnet 11.1.1.0/24.
■ Router A and Router B use IKE for IPSec tunnel negotiation and the RSA digital signature of a PKI certificate system for identity authentication.
■ As shown in Figure 534, Router A and Router B have different CAs. They may use the same CA as required.
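An added example, not part of the manual: because the two routers enroll with different CAs, a certificate issued by CA 2 validates only where CA 2 is a trust anchor, and the RSA signature is then checked with the public key in that certificate. The openssl commands below model this with throwaway keys; the file names and the signed payload are assumptions, and this is not the IKE wire format or router configuration.

```shell
#!/bin/sh
# Constructed lab: CA1, CA2 and routerB are throwaway keys made on the spot.
# The names mirror Figure 534; nothing here contacts a real CA or router.
set -eu
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

mk_ca() {        # $1 = CA name -> self-signed RSA root under $W
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

mk_router() {    # $1 = certificate common-name, $2 = issuing CA
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.crt" -CAkey "$W/$2.key" \
    -CAcreateserial -days 1 -out "$W/$1.crt" 2>/dev/null
}

chain_ok() {     # $1 = trusted CA, $2 = peer name; status 0 if the cert chains to it
  openssl verify -CAfile "$W/$1.crt" "$W/$2.crt" >/dev/null 2>&1
}

sign_as() {      # $1 = router name, $2 = file to sign (RSA over SHA-256)
  openssl dgst -sha256 -sign "$W/$1.key" -out "$2.sig" "$2"
}

sig_ok() {       # $1 = signer name, $2 = file; verify with the cert's public key
  openssl x509 -in "$W/$1.crt" -pubkey -noout > "$W/$1.pub"
  openssl dgst -sha256 -verify "$W/$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

mk_ca CA1; mk_ca CA2
mk_router routerB CA2                      # Router B enrolls with CA 2
printf 'stand-in for the data Router B signs\n' > "$W/auth"
sign_as routerB "$W/auth"

chain_ok CA1 routerB && echo "CA1 only: accepted" || echo "CA1 only: rejected"
chain_ok CA2 routerB && echo "CA2 trusted: accepted" || echo "CA2 trusted: rejected"
sig_ok routerB "$W/auth" && echo "signature: valid" || echo "signature: invalid"
```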
Network diagram
Figure 534 Diagram for applying RSA digital signature in IKE negotiation
Configuration procedure
1 Configure Router A
# Configure the entity name space.
<RouterA> system-view
[RouterA] pki entity en
[RouterA-pki-entity-en] ip 2.2.2.1
[RouterA-pki-entity-en] common-name routerA
[RouterA-pki-entity-en] quit
# Configure the PKI domain. Note that the URL of the enrollment server varies by the CA server.
[Figure 534 labels: Internet. PKI certificate system: RA 1 1.1.1.100/32, LDAP 1 1.1.1.102/32, CA 1 1.1.1.101/32; RA 2 2.1.1.100/32, LDAP 2 2.1.1.102/32, CA 2 2.1.1.101/32. Router A: S2/0 2.2.2.1/24, Eth1/0 10.1.1.1/24. Router B: S2/0 3.3.3.1/24, Eth1/0 11.1.1.1/24. Host A: 10.1.1.2/24. Host B: 11.1.1.2/24.]