Avaya Configuring IPsec Services Manuel d'utilisateur télécharger pdf (Page 42)

Configuring IPsec Services

2-6

308630-15.1 Rev 00

Entering an Initial NPK and a Seed for Encryption

Before you can enable IPsec on a router, you must enter an initial NPK and create

a seed for use by IPsec. You enter the NPK into a router locally, using the console

port and the secure shell section of the Technician Interface. A password protects

access to the secure shell.

IPsec uses the NPK to encrypt and decrypt the cipher and integrity keys, and it

uses the seed specified with the

kseed

command to generate random numbers

needed by IPsec and IKE.

You cannot access the NPK or the password using the MIB or the routine

Technician Interface debug commands, nor can you invoke the secure shell in a

Telnet session.

To enter an initial NPK and a seed for encryption:

If necessary, create a password for the Technician Interface secure shell

by entering the following command at the Technician Interface prompt:

kpassword

is an alphanumeric string of up to 16 characters. When you are

prompted for your old password, press Enter.

At the Technician Interface prompt, enter the secure shell by entering the

following command:

ksession

Enter your password.

If you enter the

ksession

command before you set a password, you will be

prompted to create one. Use the

kpassword

command described in step 1.

The prompt changes to

SSHELL.

Begin generating the encryption seed by entering:

kseed

The secure shell prompts you for a random seed value.

Caution:

Never use a terminal server to enter the NPK. Instead, use a laptop

computer that you can attach directly to the router. Protect the file containing

NPKs on the laptop.

1 2 ... 37 38 39 40 41 42 43 44 45 46 47 ... 121 122

Pas de commentaire

Avaya Configuring IPsec Services Manuel d'utilisateur Page 42