Configure the Fabric Extend tunnels between the branch and hub switches.
Configure digital certificates on the switch using Fabric IPsec Gateway virtual machine.
Support for IPsec authentication and encryption of Fabric Extend tunnels is provided using Fabric IPsec Gateway. You can use a digital certificate to authenticate IPsec for Fabric Extend
The default IPsec authentication method for Fabric Extend tunnels is a pre-shared key. If you configure the authentication method to RSA signature, the tunnels use the installed digital certificate.
enable
virtual-service WORD<1-128> console
Note
Type CTRL+Y to exit the console.
set ipsec <1-255> auth-method rsasig