LAN-to-LAN Networks with Digital Certificates
Ordering, enrolling, and installing digital certificates
using SCEP was covered in Chapter 14. Once the certificates are installed, two
modifications can be made to use the certificates. These modifications should be
done in the following order:
- Use the Manager navigation to locate the Configuration | System | Tunneling Protocols | IPSec | IKE Proposals screen to choose the IKE proposal to be updated to use digital certificates, and then click the Modify button. The Configuration | System | Tunneling Protocols | IPSec | IKE Proposals | Modify screen, as shown in Figure 16-11, can be used to update the Authentication Mode to use digital certificates.

Figure 16-11: Update the Authentication mode to use digital certificates

- Use the Configuration | System | Tunneling Protocols | IPSec | LAN-to-LAN screen to modify the existing IPSec LAN-to-LAN connection between the two VPN Concentrators. By selecting the appropriate connection (toTacoma) and clicking the Modify button, the Configuration | System | Tunneling Protocols | IPSec | LAN-to-LAN | Modify screen, previously shown in Figure 16-9, can be used to modify the LAN-to-LAN connection IPSec SA to support the digital certificate. The digital certificates drop-down list can be used to select the installed certificate. Then choose between Entire certificate chain or Identity certificate only. Choosing Entire certificate chain sends the identity certificate and all issuing certificates, including the root and any subordinate CA certificates. Choosing Identity certificate only sends the peer only the identity certificate.
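
The choice between Entire certificate chain and Identity certificate only determines what the receiving peer must already have installed to validate the identity certificate. The following is an added example, not taken from the book or from Cisco: a small Python model of issuer/subject path building over a constructed three-tier PKI. All names in it are illustrative, and it models name chaining only, not signature, validity or revocation checks.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = False


# Constructed three-tier PKI (names are illustrative, not from the chapter).
ROOT = Cert("CN=Lab Root CA", "CN=Lab Root CA", is_ca=True)
SUB = Cert("CN=Lab Subordinate CA", "CN=Lab Root CA", is_ca=True)
IDENTITY = Cert("CN=concentrator-a", "CN=Lab Subordinate CA")

ENTIRE_CHAIN = [IDENTITY, SUB, ROOT]   # "Entire certificate chain"
IDENTITY_ONLY = [IDENTITY]             # "Identity certificate only"


def build_path(sent, installed_cas, trust_anchors, max_depth=8):
    """Return the path from the identity certificate to a trust anchor, or None.

    sent          -- certificates received from the peer, identity first
    installed_cas -- CA certificates already installed on the receiver
    trust_anchors -- root certificates the receiver trusts
    Models issuer/subject chaining only; real validation also checks
    signatures, validity dates and revocation.
    """
    # Certificates sent by the peer help build the path but never add trust.
    candidates = [c for c in list(sent[1:]) + list(installed_cas) if c.is_ca]
    path = [sent[0]]
    while len(path) <= max_depth:
        current = path[-1]
        anchor = next((a for a in trust_anchors
                       if a.subject == current.issuer), None)
        if anchor is not None:
            return path if current == anchor else path + [anchor]
        issuer = next((c for c in candidates
                       if c.subject == current.issuer and c not in path), None)
        if issuer is None:
            return None  # missing intermediate, or chain ends at an untrusted root
        path.append(issuer)
    return None
```

With only the root installed on the receiver, the identity-only option yields no path unless the subordinate CA certificate is also installed there, and a root included in the sent chain is never trusted unless the receiver already holds it as a trust anchor.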