Applying the Local Digital Certificate to an IPsec Tunnel

Navigate to the Services level of the configuration hierarchy.

Use any unique string for the service set name.

1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
2. Next to Services, click Configure or Edit.
3. Next to Service set, click Add new entry.
4. In the Service set name box, type a service set name.

From the [edit] hierarchy level, enter

edit services service-set service-set-name

Configure the IPsec VPN options for the services set.

Use the CA profile you created in Table 41.

1. Next to Ipsec vpn options, click Configure.
2. In the Local gateway box, type an IP address.
3. Next to Trusted ca, click Configure.
4. In the Trusted ca profile box, type ca-profile-ipsec.
5. Click OK until you return to the Services page.

Enter

edit services service-set service-set-nameipsec-vpn-options

Enter

set local-gateway ip-address

Enter

set trusted-ca ca-profile-ipsec

Configure the IPsec VPN policy. Use the certificate ID you created in Table 44.

1. Next to Ipsec vpn, click Configure.
2. Next to Ike, click Configure.
3. Next to Policy, click Add new entry.
4. In the Name box, type the policy name.
5. In the Local certificate box, type local-verisign.
6. Click OK.

Return to the [edit services] hierarchy.

Enter

set ipsec-vpn ike policy policy-name local-certificate local-verisign

Configure the IPsec VPN proposal.

1. Next to Proposal, click Add new entry.
2. In the Name box, type the proposal name.
3. From the Authentication method list, select rsa-signatures.
4. Click OK.

Enter

set ipsec-vpn ike proposal proposal-name authentication-method rsa-signatures