Advanced IPsec VPNs Using Cisco Routers and CAs

Although configuring the connection to a CA server is complex, when correctly configured the functionality is scalable and easy to manage. The main focus of this chapter has been the configuration and enrollment process. Cisco IOS Software supports the following CA products using CA interoperability:

• Entrust Technologies

• Baltimore Technologies

• Microsoft Windows 2000 Certificate Server 5.0

Multiple tasks are required to configure the router for CA support:

• Configure the router host name and domain name.

• Set the router date, time, and time zone, and configure NTP.

• Add the CA server to the router host table.

• Generate the RSA key pair.

• Authenticate the CA.

• Request your certificate.

• Save the configuration to the router.

• Manage key storage in NVRAM.

• Manage the keys on the router.

• Verify the CA configuration.
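The tasks above in order, as an added example session that is not taken from the chapter. It uses the older `crypto ca identity` syntax (later IOS releases use `crypto ca trustpoint` or `crypto pki trustpoint`). The host name R1, domain example.com, CA label vpnca, host entry ca-server, the 192.0.2.x addresses, and the clock values are all assumed placeholders.

```cisco
! Identity: the host name and domain name form the FQDN bound to the key pair and certificate
Router(config)# hostname R1
R1(config)# ip domain-name example.com

! Time: certificate validity periods are checked against the router clock
R1(config)# clock timezone PST -8
R1(config)# ntp server 192.0.2.10
R1(config)# end
R1# clock set 12:00:00 1 January 2002
R1# configure terminal

! Name resolution for the CA server used in the enrollment URL
R1(config)# ip host ca-server 192.0.2.20

! RSA key pair (the command prompts for the modulus size)
R1(config)# crypto key generate rsa

! Declare the CA
R1(config)# crypto ca identity vpnca
R1(ca-identity)# enrollment url http://ca-server
! Only if the CA provides a registration authority:
R1(ca-identity)# enrollment mode ra
R1(ca-identity)# exit

! Authenticate the CA: compare the displayed fingerprint with one obtained
! from the CA administrator out of band before accepting the certificate
R1(config)# crypto ca authenticate vpnca

! Request the router's own certificate
R1(config)# crypto ca enroll vpnca
R1(config)# end

! Save the configuration so keys and certificates survive a reload
R1# copy running-config startup-config

! Verify
R1# show crypto key mypubkey rsa
R1# show crypto ca certificates
```

If the key pair is ever suspected of compromise, `crypto key zeroize rsa` deletes it; the router must then generate a new key pair and enroll again.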


