User's guide

XSR User's Guide
Chapter 11: Configuring the Virtual Private Network
VPN Configuration Overview
XSR(aaa-group)#wins server primary 112.16.1.16
XSR(aaa-group)#wins server secondary 112.16.1.13
XSR(aaa-group)#ip pool remote_users
XSR(aaa-group)#pptp encrypt mppe 128
XSR(config)#aaa user Jeremiah
XSR(aaa-user)#password amen
XSR(aaa-user)#group PromisedLand
PKI Configuration Options
The XSR’s PKI implementation offers CLI commands to:

- Identify and configure attributes of Certificate Authorities using the commands available in crypto ca identity mode:
    - enrollment http-proxy directs SCEP requests through an intermediate proxy server.
    - enrollment url sets the URL used to access the CA (consult your CA administrator for this address). Any DNS names must be manually converted and entered as IP addresses (not acme.com but 192.168.1.1).
    - enrollment retry count sets the number of retries for pended enrollment requests.
    - enrollment retry in period sets the interval between retries for pended enrollment requests.
    - crl frequency sets the interval between runs of the CRL maintenance task to update CRLs.
- Collect a CA certificate from a Certificate Authority by entering crypto ca authenticate. Note that you must verify the fingerprint of the CA against provided information as part of this operation to ensure that the CA you access is the CA you expect.
- Enroll an IPSec client certificate for your XSR against an authenticated CA by entering crypto ca enroll.
- Immediately update CRL lists by entering crypto ca crl request.
- Display various aspects of the crypto configuration using the following show commands:
    - show crypto ca identity displays all configured CA identities.
    - show crypto ca certificates displays all collected certificates (CA Identities and IPSec client certificates).
    - show crypto ca crls displays a list of applicable CRLs.
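
The fingerprint check required during crypto ca authenticate can be done on the administrator's workstation instead of by eye. The Python below is an added example, not code from the XSR guide. It assumes the fingerprint shown by the XSR is typed in by hand, the reference value was received from the CA administrator out of band, and a PEM copy of the CA certificate is available. SAMPLE_DER and SAMPLE_PEM are constructed stand-ins, and the digest is inferred from the fingerprint length because the page does not say which digest the XSR displays.

```python
import base64
import hashlib
import hmac
import re

# Digest inferred from the number of hex characters in the fingerprint (assumption).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed stand-in for a CA certificate: arbitrary bytes, not a real certificate.
SAMPLE_DER = b"constructed stand-in for DER-encoded CA certificate bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def normalize(fingerprint: str) -> str:
    """Reduce 'AB:CD:..', 'ab cd ..' or 'abcd..' to plain lowercase hex."""
    hexstr = re.sub(r"[\s:.-]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr) or len(hexstr) not in ALGO_BY_HEX_LEN:
        raise ValueError("fingerprint is not a 128/160/256-bit hex digest")
    return hexstr

def fingerprint_matches(der: bytes, displayed: str, reference: str) -> bool:
    """True only if the displayed value, the out-of-band reference and the
    digest computed over the certificate bytes all agree."""
    shown, ref = normalize(displayed), normalize(reference)
    if len(shown) != len(ref):
        return False  # different digest algorithms: cannot be compared
    computed = hashlib.new(ALGO_BY_HEX_LEN[len(ref)], der).hexdigest()
    return hmac.compare_digest(shown, ref) and hmac.compare_digest(computed, ref)

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    ref = hashlib.sha256(der).hexdigest()  # stands in for the CA administrator's value
    shown = ":".join(ref[i:i + 2] for i in range(0, len(ref), 2)).upper()
    ok = fingerprint_matches(der, shown, ref)
    print("match" if ok else "MISMATCH: do not accept this CA certificate")
```

A mismatch, or a fingerprint of unexpected length, means the CA certificate should not be accepted until the discrepancy is resolved with the CA administrator.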