Configure Public Key Infrastructure for IPsec Tunnels

Note

Note

This procedure applies to 5720-24MXW and 5720-48MXW.

Before you begin

  • Configure the Fabric Extend tunnels between the branch and hub switches.

  • Configure digital certificates on the switch using Fabric IPsec Gateway virtual machine.

About this task

5720-24MXW and 5720-48MXW switches support IPsec authentication and encryption of Fabric Extend tunnels using Fabric IPsec Gateway. You can use a digital certificate to authenticate IPsec for Fabric Extend.

The default IPsec authentication method for Fabric Extend tunnels is a pre-shared key. If you configure the authentication method to RSA signature, the tunnels use the installed digital certificate.

Procedure

On 5720-24MXW and 5720-48MXW , configure IPsec authentication in the Fabric IPsec Gateway virtual machine:
  1. Enter Fabric IPsec Gateway Configuration mode:

    enable

    virtual-service WORD<1-128> console

    Note

    Note

    Type CTRL+Y to exit the console.

  2. Configure the authentication type as RSA signature:

    set ipsec <1-255> auth-method rsasig

Variable Definitions

The following table defines parameters for the set ipsec command.

Variable

Value

<1-255>

Specifies the tunnel ID.

<subject-label>

Specifies the subject identity.

cert-subject-nameWORD<1-45>

Specifies the digital certificate subject name to be used as the identity certificate. If a subject name is not specified, the default certificate subject name is Global.
9037469-00 Rev AB