Configure Public Key Infrastructure for IPsec Tunnels

Before you begin

  • Configure the Fabric Extend tunnels between the branch and hub switches.

  • Configure digital certificates on the switch using the Fabric IPsec Gateway virtual machine.

About this task

Support for IPsec authentication and encryption of Fabric Extend tunnels is provided using Fabric IPsec Gateway. You can use a digital certificate to authenticate IPsec for Fabric Extend.

The default IPsec authentication method for Fabric Extend tunnels is a pre-shared key. If you configure the authentication method to RSA signature, the tunnels use the installed digital certificate.

Procedure

  1. Enter Fabric IPsec Gateway Configuration mode:

    enable

    virtual-service WORD<1-128> console

    Note

    Type CTRL+Y to exit the console.

  2. Configure the authentication type as RSA signature:

    set ipsec <1-255> auth-method rsasig