In the Choose Request Type window, select Advanced request and click Next. Select Request a certificate and click Next. Launch a browser and go to the certificate server page ( in this example). The certificate is stored on the Aladdin e-Token Smartcard store. These steps demonstrate the procedures used to enroll the Cisco VPN Client for MS certificates. Remember to install all the necessary drivers and utilities that come with the Smartcard device on the PC to be used with the Cisco VPN Client. ![]() Timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00Ĭrypto ipsec transform-set myset esp-3des esp-md5-hmacĬrypto dynamic-map dynmap 10 set transform-set mysetĬrypto map mymap 10 ipsec-isakmp dynamic dynmapĬa identity kobe 10.1.1.2:/certsrv/mscep/mscep.dllĬryptochecksum:2ae252ac69e5218d13d35acdf1f30e55 ca ident kobe 10.1.1.2:/certsrv/mscep/mscep.dllĬa enroll kobe !- Confirm the certificate and validity. show ca mypub rsa !- Define the CA identity. ca gen rsa key !- Select the modulus size (512 or 1024). ca zeroize rsa !- Generate RSA (encryption and authentication) keys. show clockĬlock set !- This command clears the PIX RSA keys. Sv2-11(config)# domain-name !- Confirm that you have the correct time set on the PIX. !- The fully qualified domain name (FQDN) is used !- as the identity of the router during certificate enrollment. ![]() !- Define a hostname and domain name for the router. Note: In order to find additional information on the commands used in this document, use the Command Lookup Tool ( registered customers only). In this section, you are presented with the information in order to configure the features described in this document. Conventionsįor more information on document conventions, refer to the Cisco Technical Tips Conventions. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on these software and hardware versions:Ĭisco PIX Firewall running software version 6.3(3)Ĭisco VPN Client 4.0.3 on a PC running Windows XPĪ Microsoft Windows 2000 CA server is used in this document as the CA server.Ĭertificates on the Cisco VPN Client are stored using Aladdin e-Token Smartcard. There are no specific requirements for this document. ![]() Refer to Configuring Multiple-Identity Certificate Authorities on Cisco IOS Routers in order to learn more about Configuring Multiple-Identity Certificate Authorities on Cisco IOS routers. ![]() Refer to Configuring IPSec Between Cisco IOS Routers and Cisco VPN Client Using Entrust Certificates in order to learn more about Configuring IPSec between Cisco IOS routers and Cisco VPN Client using Entrust Certificates. The configuration example in this document also highlights the certification authority (CA) enrollment procedure for both the Cisco IOS® router and the Cisco VPN Client, as well as the use of a Smartcard as a certificate storage. This document demonstrates how to configure an IPSec VPN tunnel between a PIX Firewall and a Cisco VPN Client 4.0.x.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |