Enterasys-networks Security Router X-PeditionTM Uživatelský manuál Strana 350
- Strana / 466
- Tabulka s obsahem
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
VPN Configuration Overview
14-28 Configuring the Virtual Private Network
– crypto ca certificate chain
– no certificate - The serial number can be found in: show crypto ca certificates
• Remove CA identities and all associated CA and IPSec client certificates by entering
no
crypto ca identity <ca name>
.
Configuring PKI
The main steps to configure PKI are as follows:
• Obtain the CA name and URL
• Identify the CA, retrieve and authenticate the certificate
• Verify the root certificate was received
• Configure CA retrieval attributes and update CRLs
• Specify a host(s) for the CRL mechanism
• Enroll in an end-entity certificate
• Verify the end-entity certificate is valid
• Optional: change the enrollment retry period and count
For step-by-step instructions, refer to the following PKI Certificate example.
PKI Certificate Enrollment Example
This PKI example illustrates authenticating to and enrolling with a Certificate Authority (CA) for
an end-entity certificate for the IPSec gateway. Local IPSec uses end-entity certificates to establish
SAs for IPSec connectivity. You must authenticate against all CAs which may have provided
certificates to any of the remote systems that may be building IPSec links to the local system.
1. Begin by asking your CA administrator for your CA name and URL.
The CA’s URL defines its IP address, path and default port (80). You can resolve the CA server
address manually by pinging its IP address.
2. Be sure that the XSR time setting is correct according to the UTC time zone so that it is
synchronized with the CA’s time. For example:
XSR#clock timezone -5 0
3. Specify the enrollment URL, authenticate the CA and retrieve the root certificate. Check your
CA Website to ensure the printed fingerprint matches the CA's fingerprint, which is retrieved
from the CA itself, to verify the CA is legitimate. If bona fide, accept the certificate, if not,
check that the certificate is deleted and not stored in the CA database. In some cases you may
need to specify a particular CA identity name. Consult your administrator for more details.
XSR(config)#crypto ca identity ldapca
XSR(config-ca-identity)#enrollment url http://192.168.1.33/certsrv/mscep/
mscep.dll/
XSR(config-ca-identity)#exit
XSR(config)#crypto ca authenticate ldapca
Note: If you have multiple CAs in a chained environment, you need only identify each CA and obtain
each CA certificate within the chain using the
crypto ca identity and crypto ca
authenticate
commands, respectively, as illustrated in Step 2 on page 14-28.
- X-Pedition 1
- Security Router 1
- Australian Telecom 7
- APPROVED 8
- SS/366.01 8
- Enterasys Networks, Inc 9
- Firmware License Agreement 9
- Contents 13
- Chapter 5: Configuring IP 15
- Chapter 8: Configuring PPP 19
- Chapter 13: Configuring ADSL 23
- Chapter 15: Configuring DHCP 25
- Contents of the Guide 29
- XSR User’s Guide xxix 31
- Getting Help 32
- 1-2 Overview 34
- XSR User’s Guide 1-3 35
- 1-4 Overview 36
- Managing the XSR 37
- 2-2 Managing the XSR 38
- Connecting via Telnet 39
- Connecting via SSH 39
- Accessing the Initial Prompt 40
- Synchronizing the Clock 40
- Managing the Session 41
- Remote Auto Install 41
- 2-6 Managing the XSR 42
- RAI Requirements on the XSR 43
- How RAI Components Work 43
- Bootp Client 44
- Reverse DNS Client 44
- TFTP Client 44
- Frame Relay (Central Site) 44
- XSR User’s Guide 2-9 45
- PPP RAI over a Leased Line 46
- PPP RAI over a Dial-in Line 46
- PPP RAI over ADSL 46
- CLI Editing Rules 47
- 2-12 Managing the XSR 48
- Global Configuration Mode 50
- Exiting From the Current Mode 50
- Mode Examples 51
- CLI Command Limits 52
- Supported Physical Interfaces 52
- Supported Virtual Interfaces 52
- Supported Ports 53
- Adding Table Entries 56
- Managing XSR Interfaces 57
- Enabling an Interface 58
- Disabling an Interface 58
- Configuring an Interface 58
- Managing Message Logs 59
- Performing Fault Management 59
- Fault Report Commands 60
- Capturing Fault Report Data 60
- Using the Real-Time Clock 61
- CTRL-C to enter Bootrom mode 62
- Configuration Save Options 63
- Bulk Configuration Management 63
- Full-config Backup 64
- Managing the Software Image 65
- 2-30 Managing the XSR 66
- XSR User’s Guide 2-31 67
- Local Bootrom Upgrade 68
- XSR User’s Guide 2-33 69
- Loading Software Images 70
- XSR User’s Guide 2-35 71
- Software Image Commands 72
- Configuration Change Hashing 72
- Memory Management 73
- 2-38 Managing the XSR 74
- SNMP Informs 75
- Shaping Trap Traffic 75
- Statistics 75
- Alarm Management (Traps) 76
- Via SNMP 78
- Schedule a measurement 78
- Using the SLA Agent in SNMP 79
- Cabletron CTdownload MIB 79
- CLI Translator 80
- Network Management Tools 81
- Fault Reporting 82
- Auto-discovery 82
- Managing LAN/WAN Interfaces 83
- Configuring the LAN 84
- MIB Statistics 84
- Overview of WAN Interfaces 85
- WAN Features 85
- Configuring the WAN 86
- XSR User’s Guide 3-5 87
- T1/E1 Subsystem Configuration 91
- T3/E3 Subsystem Configuration 91
- Drop and Insert Features 92
- XSR User’s Guide 4-5 93
- Configuring the D&I NIM 101
- Configuring IP 103
- General IP Features 104
- 5-2 Configuring IP 104
- XSR User’s Guide 5-3 105
- BOOTP/DHCP Relay 106
- ARP and Proxy ARP 106
- Proxy DNS 106
- Broadcast 107
- 5-6 Configuring IP 108
- IP Interface 109
- Secondary IP 109
- ARP & Secondary IP 110
- ICMP & Secondary IP 110
- XSR User’s Guide 5-9 111
- IP Routing Protocols 112
- RIPv1 and v2 113
- Triggered-on-Demand RIP 114
- XSR User’s Guide 5-13 115
- 5-14 Configuring IP 116
- OSPF Database Overflow 117
- OSPF Passive Interfaces 118
- OSPF Troubleshooting 119
- Null Interface 119
- Route Preference 119
- Static Routes 120
- VLAN Routing 120
- XSR User’s Guide 5-19 121
- Physical layout 121
- Logical layout 121
- Policy Based Routing 124
- Match Clauses 125
- Set Clauses 125
- PBR Cache 125
- Default Network 126
- Router ID 126
- XSR User’s Guide 5-25 127
- Network Address Translation 128
- XSR User’s Guide 5-27 129
- VRRP Definitions 130
- How the VRRP Works 131
- VRRP Features 132
- XSR User’s Guide 5-31 133
- ICMP Ping 134
- Interface Monitoring 134
- Watch Group Monitoring 135
- Equal-Cost Multi-Path (ECMP) 136
- Configuring RIP Examples 137
- 5-36 Configuring IP 138
- Configuring OSPF Example 139
- Configuring NAT Examples 140
- Dynamic Pool Configuration 141
- External 141
- 200.20.2.1 142
- 5-42 Configuring IP 144
- NAT Port Forwarding 146
- Configuring VRRP Example 147
- Configuring VLAN Examples 148
- Features 149
- Overview 149
- Describing BGP Messages 150
- Defining BGP Path Attributes 151
- Next Hop 153
- Local Preference 153
- Atomic Aggregate 155
- Aggregator 156
- Multi-Exit Discriminator 156
- Community 157
- BGP Path Selection Process 159
- BGP Routing Policy 159
- Access Control Lists 160
- Filter Lists 160
- Community Lists 160
- Route Maps 160
- Regular Expressions 161
- Regular Expression Characters 161
- Regular Expression Examples 161
- Peer Groups 162
- Initial BGP Configuration 163
- Adding BGP Neighbors 163
- Resetting BGP Connections 163
- Synchronization 164
- Address Aggregation 164
- Route Flap Dampening 164
- Capability Advertisement 165
- Route Refresh 165
- Scaling BGP 166
- Route Reflectors 167
- Confederations 168
- XSR User’s Guide 6-21 169
- Configuring BGP Route Maps 170
- Configuring BGP Neighbors 171
- BGP Aggregate Route Examples 172
- Configuring BGP Peer Groups 173
- EBGP Peer Group Example 174
- XSR User’s Guide 6-27 175
- Configuring PIM-SM and IGMP 177
- IP Multicast Overview 178
- Outlining IGMP Versions 179
- Forwarding Multicast Traffic 180
- Group Membership Actions 181
- Receiving a Query 182
- Receiving a Report 182
- Query Version Distinctions 182
- XSR User’s Guide 7-7 183
- XSR User’s Guide 7-9 185
- ip pim dr-priority command 186
- PIM Register Message 187
- PIM Join/Prune Message 187
- Assert Processing 187
- Source-Specific Multicast 188
- PIM SM over Frame Relay 188
- PIM Configuration Examples 189
- Configuring PPP 191
- Link Control Protocol (LCP) 192
- Authentication 193
- Link Quality Monitoring (LQM) 194
- Multilink PPP (MLPPP) 194
- Multi-Class MLPPP 195
- PPP Features 196
- 8-6 Configuring PPP 196
- XSR User’s Guide 8-7 197
- IP Control Protocol (IPCP) 198
- IP Address Assignment 199
- for the cable your 201
- 8-12 Configuring PPP 202
- Multilink Example 203
- Dialer Example 203
- Configuring BAP 204
- XSR2 Configuration 205
- XSR1 Configuration 206
- XSR User’s Guide 8-17 207
- 8-18 Configuring PPP 208
- Configuring Frame Relay 209
- 9-2 Configuring Frame Relay 210
- Frame Relay Features 211
- Address Resolution 212
- Discard Eligibility (DE) Bit 213
- 9-6 Configuring Frame Relay 214
- XSR User’s Guide 9-7 215
- FRF.12 Fragmentation 216
- 9-8 Configuring Frame Relay 216
- XSR User’s Guide 9-9 217
- Frame Relay 218
- Central Sites 218
- Branch Sites 218
- XSR User’s Guide 9-11 219
- 9-12 Configuring Frame Relay 220
- XSR User’s Guide 9-13 221
- 9-14 Configuring Frame Relay 222
- Configuring Dialer Services 223
- XSR User’s Guide 10-3 225
- Implementing Dial Services 226
- XSR User’s Guide 10-5 227
- XSR User’s Guide 10-7 229
- XSR User’s Guide 10-9 231
- XSR User’s Guide 10-11 233
- Overview of Dial Backup 235
- XSR User’s Guide 10-13 235
- Link Failure Backup Example 236
- XSR User’s Guide 10-15 237
- Sample Configuration 238
- XSR User’s Guide 10-17 239
- Dialer Interface Spoofing 240
- Dialer Watch 241
- XSR User’s Guide 10-19 241
- Answering Incoming ISDN Calls 242
- Incoming Call Mapping Example 243
- Configuring DoD/BoD 245
- XSR User’s Guide 10-23 245
- XSR User’s Guide 10-25 247
- XSR User’s Guide 10-27 249
- XSR User’s Guide 10-29 251
- Dial-in Router Example 253
- Dial-out Router Example 255
- Bandwidth-on-Demand 257
- Backup Configuration 259
- XSR User’s Guide 10-39 261
- XSR User’s Guide 10-41 263
- XSR User’s Guide 11-1 265
- Understanding ISDN 266
- XSR User’s Guide 11-3 267
- XSR User’s Guide 11-5 269
- + 1st line: 270
- XSR User’s Guide 11-7 271
- + 2nd line: 271
- ISDN Configuration 273
- XSR User’s Guide 11-9 273
- XSR User’s Guide 11-11 275
- XSR User’s Guide 11-13 277
- ISDN BRI 279
- BRI Leased Line 280
- BRI Leased PPP 280
- BRI Leased Frame Relay 280
- Code Cause 281
- XSR User’s Guide 12-1 283
- Traffic Classification 284
- Describing the Class Map 285
- Describing the Policy Map 285
- Mechanisms Providing QoS 286
- XSR User’s Guide 12-5 287
- XSR User’s Guide 12-7 289
- XSR User’s Guide 12-9 291
- XSR User’s Guide 12-11 293
- Configuration per Interface 294
- XSR User’s Guide 12-13 295
- Configuring QoS with FRF.12 296
- QoS on Input 299
- XSR User’s Guide 12-17 299
- QoS on VPN 299
- XSR User’s Guide 12-19 301
- XSR User’s Guide 12-21 303
- QoS and VPN Interaction 304
- XSR User’s Guide 12-23 305
- XSR User’s Guide 12-25 307
- XSR User’s Guide 12-27 309
- QoS with VLAN Policy 310
- Input and Output QoS Policy 310
- XSR User’s Guide 12-29 311
- Configuring ADSL 313
- PDU Encapsulation Choices 314
- XSR User’s Guide 13-3 315
- Routed IP over ATM 316
- ADSL Limitations 317
- ADSL Hardware 317
- 13-6 Configuring ADSL 318
- XSR User’s Guide 13-7 319
- Inverse ARP 320
- Configuration Examples 321
- XSR User’s Guide 13-9 321
- 13-10 Configuring ADSL 322
- XSR User’s Guide 14-1 323
- VPN Overview 323
- XSR User’s Guide 14-3 325
- GRE over IPSec 326
- XSR User’s Guide 14-5 327
- Certificates 328
- XSR User’s Guide 14-7 329
- DF Bit Functionality 331
- XSR User’s Guide 14-9 331
- VPN Applications 332
- VPN tunnel 333
- Client Mode 334
- Network Extension Mode 334
- XSR User’s Guide 14-15 337
- INTERNET 337
- XSR User’s Guide 14-17 339
- XSR VPN Features 340
- XSR User’s Guide 14-19 341
- VPN Configuration Overview 342
- ACL Configuration Rules 343
- XSR User’s Guide 14-23 345
- XSR User’s Guide 14-25 347
- AAA Commands 348
- Configuring AAA 348
- XSR User’s Guide 14-27 349
- Configuring PKI 350
- XSR User’s Guide 14-29 351
- XSR User’s Guide 14-31 353
- Central Site 354
- Branch Office 354
- Test and acquires ISAKMP mode 355
- Test, sequence #40 355
- Test, sequence #20 356
- Test, sequence #30 356
- EZ-IPSec Configuration 357
- Selects IPSec to initiate a 358
- NEM tunnel connection 358
- Remote Access 359
- XSR User’s Guide 14-39 361
- XSR User’s Guide 14-41 363
- XSR User’s Guide 14-43 365
- XSR User’s Guide 14-45 367
- Internet 368
- XSR User’s Guide 14-47 369
- XSR User’s Guide 14-49 371
- XSR User’s Guide 14-51 373
- Configuring DHCP 375
- DHCP Server Standards 376
- DHCP Services 377
- XSR User’s Guide 15-3 377
- BOOTP Legacy Support 378
- XSR User’s Guide 15-5 379
- Router Option 380
- Parameter Request List Option 380
- DHCP Client Interaction 380
- DHCP Client Timeouts 381
- DHCP CLI Commands 382
- DHCP Set Up Overview 383
- XSR User’s Guide 15-9 383
- Configuration Steps 383
- XSR User’s Guide 15-11 385
- BOOTP Client Support Example 386
- DHCP Option Examples 386
- XSR User’s Guide 16-1 387
- XSR User’s Guide 16-3 389
- General Security Precautions 390
- AAA Services 391
- XSR User’s Guide 16-5 391
- XSR User’s Guide 16-7 393
- Firewall Feature Set Overview 395
- XSR User’s Guide 16-9 395
- Types of Firewalls 396
- XSR User’s Guide 16-11 397
- Stateful Inspection Firewalls 398
- Filtering non-TCP/UDP Packets 398
- Application Level Commands 399
- Application Level Gateway 399
- On Board URL Filtering 400
- Configuring URL Redirection 401
- Alarm Logging 402
- XSR User’s Guide 16-17 403
- Firewall and NAT 404
- Firewall and VPN 404
- ACLs and Firewall 404
- Dynamic Reconfiguration 404
- Firewall CLI Commands 405
- XSR User’s Guide 16-19 405
- XSR User’s Guide 16-21 407
- Firewall Limitations 408
- Pre-configuring the Firewall 409
- XSR User’s Guide 16-23 409
- XSR User’s Guide 16-25 411
- Internal 411
- 10.10.10.1 412
- PPPoE/NAT/Firewall 412
- XSR User’s Guide 16-27 413
- XSR User’s Guide 16-29 415
- XSR User’s Guide 16-31 417
- XSR User’s Guide 16-33 419
- XSR User’s Guide 16-35 421
- Alarms/Events, System Limits 423
- Recommended System Limits 424
- System Alarms and Events 425
- XSR User’s Guide A-3 425
- XSR User’s Guide A-5 427
- XSR User’s Guide A-7 429
- SECURITY_LEVEL 430
- XSR User’s Guide A-9 431
- XSR User’s Guide A-11 433
- XSR User’s Guide A-13 435
- XSR User’s Guide A-15 437
- XSR User’s Guide A-17 439
- XSR User’s Guide A-19 441
- XSR SNMP Proprietary and 443
- Associated Standard MIBs 443
- XSR User’s Guide B-3 445
- rtr schedule 446
- General Variables Table 447
- BGP v4 Peer Table 447
- Field Description 448
- BGP-4 Traps 450
- Global Interface Operations 451
- Monitoring Objects 452
- IP Session Counters 453
- IP Session Table 453
- Authenticated Addresses Table 453
- DOS Attacks Blocked Counters 454
- DOS Attacks Blocked Table 454
- VPN MIB Tables 455
- XSR User’s Guide B-13 455
- XSR User’s Guide B-15 457
- XSR User’s Guide B-17 459
- XSR User’s Guide B-19 461
- XSR User’s Guide B-21 463
- Enterasys Syslog Client MIB 464
- Syslog Server Defaults 465
- Units of Conformance 465
- Compliance Statements 466
Související produkty a manuály pro Hardware Enterasys-networks Security Router X-PeditionTM
Hardware Enterasys-networks XSR-3150 Uživatelský manuál
(110 stránky)
(110 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.076 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce