Nortel 4134 用户指南
Configuring remote access IKE policies
145
Enabling OCSP on the remote access IKE policy
Enable OCSP to instruct the router to contact the CA for verification of the
status of any certificate that the router receives.
status of any certificate that the router receives.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To specify configuration of remote access IKE policies, enter:
dynamic
4
To specify the remote access IKE policy to configure, enter:
ike policy <policy-name> {modecfg-group | l2tp-group}
5
To enable or disable OCSP, enter:
[no] ocsp
—End—
Configuring PFS for remote access IKE policy
Enable or disable Perfect Forward Secrecy (PFS) of both keys and identities
(RFC 2409) for the remote access IKE policy.
(RFC 2409) for the remote access IKE policy.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To specify configuration of remote access IKE policies, enter:
dynamic
4
To specify the remote access IKE policy to configure, enter:
ike policy <policy-name> {modecfg-group | l2tp-group}
5
To enable or disable PFS:
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.