Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Using the Certificates

Using the Certificates

Nov 15,2009 by alperen

small font medium font large font
image

Using the Certificates

Once the certificate is installed on the VPN concentrator, you must change settings for IKE negotiation. This requires two screen entries, the IKE transform to be used and the IPSec SA information.

IKE Configuration

Use the Manager navigation to locate the Configuration | System | Tunneling Protocols IPSec | IKE Proposals screen, shown in Figure 14-43. This screen displays both the Active and Inactive IKE options available on the Concentrator.

Click To expand
Figure 14-43: IKE Proposal options

You can change an existing Active proposal from preshared keys to certificates or create a new one. Select an existing proposal, and then click the Modify button or click the Add button. Either way, a screen similar to the one shown in Figure 14-44 appears.

Click To expand
Figure 14-44: IKE Proposal option to be modified

You only have one choice here. Use the Authentication mode drop-down list and select RSA Digital Certificate. Then click the Apply button.

IPSec Configuration

Use the Manager navigation to locate the Configuration | Policy Management | Traffic Management | Security Associations | Modify screen for the appropriate IPSec SA. The resulting screen is large, but the bottom panel, as shown in Figure 14-45, is all that must be changed.

Click To expand
Figure 14-45: Defining the IKE parameters for the IPSec SA

Use the Digital Certificate drop-down list to select the appropriate certificate name.

If necessary, use the IKE Proposal drop-down list to select the IKE proposal defined in the last section, and then click Apply. Configure Cisco


174 times read

Related news
» LAN-to-LAN Networks with Digital Certificates
by alperen posted on Dec 31,2009
» Define the IKE Proposals (Optional)
by alperen posted on Dec 31,2009
» Using SCEP to Manage Certificates
by alperen posted on Nov 15,2009
» Adding a Tunnel
by alperen posted on Dec 31,2009
» Configure the IPSec
by alperen posted on Nov 22,2009
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.