Đang chuẩn bị liên kết để tải về tài liệu:
netscreen concepts examples vpns phần 4

Để hiển thị các thuộc tính kiểm tra thu hồi cho một CA đặc biệt, sử dụng cú pháp CLI sau đây: ns-get PKI quyền id_num cert-tình trạng nơi id_num là số xác định cấp Giấy chứng nhận do CA phát hành. Để hiển thị các thuộc tính tình trạng thu hồi cho các CA cấp giấy chứng nhận 7: ns-get PKI quyền 7 cert-tình trạng | Chapter 3 Routing-Based VPNs LAN-to-LAN VPNs Note The full AutoKey IKE configuration also involves the following procedures Defining security zone interface IP addresses Creating an unnumbered tunnel interface Making address book entries for the local and remote end entities Setting up routes Configuring policies However because these steps are the same as those explained in Example Routing-Based LAN-to-LAN VPN Manual Key on page 59 they are omitted here. In the following examples the preshared key is hl p8A24nG5. It is assumed that both participants already have RSA certificates and are using Entrust as the certificate authority CA . For information about obtaining and loading certificates see Certificates and CRLs on page 29. WebUI Tokyo 1. VPNs AutoKey Advanced Gateway New Enter the following and then click OK Gateway Name To_Paris Security Level Custom Remote Gateway Type Static IP Address select IP Address 203.3.3.10 Preshared Key Preshared Key h1p8A24nG5 Outgoing Interface ethernet3 Advanced Enter the following advanced settings and then click Return to return to the basic Gateway configuration page NetScreen Concepts Examples - Volume 4 VPNs 71 Chapter 3 Routing-Based VPNs LAN-to-LAN VPNs Security Level Custom Phase 1 Proposal for Custom Security Level pre-g2-3des-sha Mode Initiator Main ID Protection Certificates Outgoing Interface ethernet3 Advanced Enter the following advanced settings and then click Return to return to the basic Gateway configuration page Security Level Custom Phase 1 Proposal for Custom Security Level rsa-g2-3des-sha Preferred certificate optional Peer CA Entrust Peer Type X509-SIG 2. VPNs AutoKey IKE New Enter the following and then click OK VPN Name Tokyo_Paris Security Level Compatible Remote Gateway Predefined select To_Paris Advanced Enter the following advanced settings and then click Return to return to the basic AutoKey IKE configuration page Security Level Compatible Bind to Tunnel Interface select tunnel.1 Proxy-ID select .