
Configuring IP Security Services
3-6
304111-A Rev 00
Monitoring NPKs
If the NPK on a router does not match the NPK in the MIB, IPsec services do not
work. This type of situation usually occurs when you change a CPU board in a
router slot and the slot now lacks the current NPK, or you revert to an older
configuration that is protected by an older NPK.
View the router log to make sure that the NPK for each slot matches the NPK
value in the MIB. If not, using the secure shell, change either the router NPK
value or the MIB NPK value. For more information about changing NPKs, see
“Changing NPKs” on page 3-5.
To view the router log events specific to an NPK in the Technician Interface, enter:
log -ffwldt -eKEYMGR
Enabling IPsec
To enable IPsec, configure an IP interface using the Configuration Manager. Then
add IPsec services to that interface to create a security gateway. Use the following
steps.
Site Manager Procedure
You do this System responds
1. In the Configuration Manager window,
click on the WAN connector on which you
want to configure an IPsec interface.
The Add Circuit window opens.
2. Click on
OK
. The WAN Protocols window opens.
3. Choose a WAN protocol (PPP or frame
relay).
The Select Protocols window opens.
4. Choose
IP
and
IPSEC
. The IP Configuration window opens.
5. Set the following parameters:
• IP Address
•
Subnetwork Mask
Click on
Help
or see
Configuring IP
Services
.
6. Click on
OK
. The IPsec Configuration for Interface
window opens.
Komentáře k této Příručce