Configure Public Key Infrastructure for IPsec Tunnels
Note
This procedure only applies to VSP 4900 Series, VSP 7400 Series, and XA1400 Series.
Before you begin
-
Configure the Fabric Extend tunnels between the branch and hub switches.
-
Configure digital certificates on the switch using either VOSS or the Fabric IPsec Gateway virtual machine, as appropriate.
About this task
XA1400 Series, VSP 4900 Series, and VSP 7400 Series switches support IPsec authentication and encryption of Fabric Extend tunnels; VSP 4900 Series and VSP 7400 Series provide that support using Fabric IPsec Gateway. You can use a digital certificate to authenticate IPsec for Fabric Extend.
The default IPsec authentication method for Fabric Extend tunnels is a pre-shared key. If you configure the authentication method to RSA signature, the tunnels use the installed digital certificate.
Procedure
-
On XA1400
Series, configure IPsec authentication in the VOSS CLI:
-
On VSP 4900
Series and VSP 7400
Series, configure IPsec
authentication in the Fabric IPsec Gateway virtual machine:
Variable Definitions
The following table defines parameters for the set ipsec command.
Variable |
Value |
---|---|
<1-255> |
Specifies the tunnel ID. |
<subject-label> |
Specifies the subject identity. |
cert-subject-nameWORD<1-45> |
Specifies the digital certificate subject name to be used as the identity certificate. If a subject name is not specified, the default certificate subject name is Global. |