Enterasys Networks XSR CLI Router User Manual


  Open as PDF
of 684
 
PKI commands
14-84 Configuring the VPN
“CryptoMapModeCommands”onpage 14110.
“CryptoTransformModeComm ands” onpage 14115.
“CryptoShowCommands”onpage 14118.
“InterfaceCLICommands”onpage 14121.
“InterfaceVPNCommands”onpage 14122.
“TunnelCommands”onpage 14127.
“TunnelClearandShowComm ands”onpage 14132.
“AdditionalTunnelTerminationCommands”on
page 14134.
“DFBitCommands”onpage 14137.
PKI commands
ThefollowingcommandsconfigurePublicKeyInfrastructure(PKI)ontheXSR.
CA Identity Mode Commands
crypto ca identity
ThiscommanddeclarestheCertificateAuthority(CA)theXSRshoulduseandidentifiesCAs
whichmayberequiredaspartoftheCAchainfortherouterorapeerIPSecclient.Ifyou
previouslydeclaredtheCAandjustwanttoupdateitscharacteristics,specifythenameyou
previouslycreated.
Insomecases,theCAmightrequireaparticularCAname,suchasitsdomain
name.
PerformingthiscommandacquiresCAIdentitymode,whereyoucanspecifyCAcharacteristics
withthefollowingsubcommands:
crl frequency‐SpecifiestheintervalbetweenCertificateRevocationList(CRL)retrievals
andothermaintenancethatmaybeperformedperiodically.Refertopage1485forthe
commanddefinition.
enrollment http-proxy‐SpecifiesthelocalHTTPproxyserver.Itisoptional.Refertopage
1486forthecommanddefinition.
enrollment retry count ‐SpecifieshowmanycertificateenrollmentpollstheXSRwill
sendbeforegivingup.Itisdefaulted.Refertopage1486forthecommanddefinition.
enrollment retry period‐SpecifiesanintervalthattheXSRshouldwaitbetweensending
certificaterequestretries.Itisdefaulted.Refertopage1487forthecommanddefinition.
enrollment url‐SpecifiestheURLoftheCAandisalwaysrequired.Refertopage1488for
thecommanddefinition.
Syntax
crypto ca identity name
Note: AAA commands are described in Chapter 13: Configuring Security.
 previous next