Dell EqualLogic PS6210XS EqualLogic Group Manager Administrator s Guide PS Ser - Page 88
rightid=C=US, ST=New Hampshire, L=Nashua, O=Dell Equallogic, OU=Networking and iSCSI
View all Dell EqualLogic PS6210XS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 88 highlights
221Data traffic for this session was 6250 bytes in 4 files. Total traffic for this session was 7728 bytes in 6 transfers. 221 Thank you for using the FTP service on 10.124.65.39. 9. Drop the certificates in place on the strongSwan host side: # cp draoidoir.crt /etc/ipsec.d/certs # cp root-ca.crt /etc/ipsec.d/cacerts # cp client.key /etc/ipsec.d/private 10. Configure strongSwan to use the certificates for authentication. Here we have opted to use a Distinguished Name as the identifier on each side. - On the strongSwan side, the identifier is the Distinguished Name that is contained in the certificate that will be presented by the array. - On the array side we use the identifier that will be presented by the strongSwan host. Each of these distinguished names are contained within the local certificates installed on each side: # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # strictcrlpolicy=yes # uniqueids = no # Add connections here. conn %default auto=route keyexchange=ikev1 ike=3des-sha1-modp1024 leftcert=draoidoir.crt leftsendcert=yes conn kirt5eth0 right=10.124.65.39 type=transport #authby=psk authby=pubkey rightid="C=US, ST=New Hampshire, L=Nashua, O=Dell Equallogic, OU=Networking and iSCSI, CN=kirt5.lab.equallogic. com, [email protected]" conn kirt5wka right=10.124.65.38 type=transport #authby=psk authby=pubkey rightid="C=US, ST=New Hampshire, L=Nashua, O=Dell Equallogic, OU=Networking and iSCSI, CN=kirt5.lab.equallogic. com, [email protected]" # Sample VPN connections #conn sample-self-signed # leftsubnet=10.1.0.0/16 # leftcert=selfCert.der # leftsendcert=never # right=192.168.0.2 # rightsubnet=10.2.0.0/16 # rightcert=peerCert.der # auto=start #conn sample-with-ca-cert # leftsubnet=10.1.0.0/16 # leftcert=myCert.pem # right=192.168.0.2 88 About Group-Level Security