Avaya Configuring IPsec Services Uživatelský manuál stáhnout pdf (Strana 44)

Configuring IPsec Services

2-8

308630-15.1 Rev 00

Enter the following command:

kset npk 0x<NPK_value>

<NPK_value>

is the new 16-digit hexadecimal NPK value that you are

assigning to the router.

The new NPK overwrites the original, and IPsec uses the new NPK value.

However, this command does not change the hashed NPK value in the MIB.

To change the NPK value used by the MIB, enter the following command:

ktranslate <old_NPK_value>

old_NPK_value

> is the original NPK value.

The older hashed NPK in the MIB is decrypted, and the new NPK is hashed

and stored in the MIB. The MIB now has the same NPK as the router.

Save the configuration file.

Monitoring NPKs

If the NPK on a router does not match the NPK in the MIB, IPsec services do not

work. This situation usually occurs when you change a CPU board in a router slot,

and the slot now lacks the current NPK, or you revert to an older configuration

that is protected by an older NPK.

View the router log to make sure that the NPK for each slot matches the NPK

value in the MIB. If the values do not match, use the secure shell to change either

the router NPK value or the MIB NPK value. For more information about

changing NPKs, see “

Changing an NPK” on page 2-7.

To view the router log events specific to an NPK in the Technician Interface, enter:

log -ffwidt -eKEYMGR

1 2 ... 39 40 41 42 43 44 45 46 47 48 49 ... 121 122

Žádné komentáře

Avaya Configuring IPsec Services Uživatelský manuál Strana 44