Applying the Local Digital Certificate to an IPSec Tunnel

Navigate to the Services level of the configuration hierarchy.

Use any unique string for the service set name.

1. In the configuration editor, click Services.
2. Next to Service set, click Add new entry.
3. In the Service set name box, type a service set name.

From the top of the configuration hierarchy, enter

edit services service-set service-set-name

Configure the IPSec VPN options for the services set.

Use the CA profile you created in Table 32.

1. Next to Ipsec vpn options, click Configure.
2. In the Local gateway box, type an IP address.
3. Next to Trusted ca, click Configure.
4. In the Trusted ca profile box, type ca-profile-ipsec.
5. Click OK until you return to the Services page.

Enter

edit services service-set service-set-nameipsec-vpn-options

Enter

set local-gateway ip-address

Enter

set trusted-ca ca-profile-ipsec

Configure the IPSec VPN policy.

1. Next to Ipsec vpn, click Configure.
2. Next to Ike, click Configure.
3. Next to Policy, click Add new entry.
4. In the Name box, type the policy name.
5. In the Local certificate box, type the local certificate ID.
6. Click OK.

Return to the [edit services] hierarchy.

Enter

set ipsec-vpn ike policy policy-name local-certificate local-certificate-id

Configure the IPSec VPN proposal.

1. Next to Proposal, click Add new entry.
2. In the Name box, type the proposal name.
3. From the Authentication method list, select rsa-signatures.
4. Click OK.

Enter

set ipsec-vpn ike proposalproposal-name authentication-method rsa-signatures