[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring an IKE Policy for Digital Certificates (ES PIC)

An IKE policy for digital certificates defines a combination of security parameters (IKE proposals) to be used during IKE negotiation. It defines a peer address and the proposals needed for that connection. During the IKE negotiation, IKE looks for an IKE policy that is the same on both peers. The peer that initiates the negotiation sends all its policies to the remote peer, and the remote peer tries to find a match.

To configure an IKE policy for digital certificates for an ES PIC, include the following statements at the [edit security ike policy ike-peer-address] hierarchy level:



[edit security ike] 

policy ike-peer-address{

encoding (binary | pem);

identity identity-name;

local-certificate certificate-filename;

local-key-pair private-public-key-file;
}

This section contains the following topics:

Configuring the Type of Encoding Your CA Supports
Configuring the Identity to Define the Remote Certificate Name
Specifying the Certificate Filename
Specifying the Private and Public Key File

[Contents] [Prev] [Next] [Index] [Report an Error]