Record EAST's public key on WEST
In this example, you record the public key you have obtained from EAST. The key is then saved under a name that you can refer to in site-to-site configuration.
A digital signature can be typed in manually, but digital signatures are lengthy and difficult to type. It is generally easier to copy the digital signature into the clipboard of your system and then paste it into the configuration. You can do this in a number of ways; for example:
- Receive the public key from the operator of the VPN peer in an e-mail—perhaps an e-mail protected by a PGP signature. Copy the key text into your clipboard.
- Obtain the public key from an X.509 certificate provided by a certificate authority (CA).
- Connect to the VPN peer directly through a Telnet or SSH control session. View the public portion of the key using a show command, select the text, and copy the key text into your clipboard.
This task pastes EAST's public key into the RSA configuration. The name “EAST-key” is used as the identifier of the key.
Before you begin, copy EAST's public key into your clipboard. To obtain the public key for EAST, run the show vpn ike rsa-keys command on EAST.
If you are in operational mode on WEST, enter configuration mode now and perform the following steps:
Specify a name for EAST's public key and paste EAST's public key into the configuration.
Commit the configuration.
View the configuration for RSA keys.
Since you have not changed the configuration for the local host's key, it does not display.
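Added example, not part of the original documentation: a Python check to run on the copied key text before it is pasted and committed on WEST. It decodes the key and returns a SHA-256 fingerprint that can be compared with the same computation on EAST. It assumes the key text is in the `0s`-prefixed base64 RFC 3110 form; `parse_pasted_key`, `encode_key` and `SAMPLE` are hypothetical names, and the sample key is constructed.

```python
import base64
import binascii
import hashlib


def encode_key(exponent, modulus):
    """Build '0s' + base64(RFC 3110 blob); used here only to make a sample."""
    exp = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    mod = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return "0s" + base64.b64encode(bytes([len(exp)]) + exp + mod).decode()


def parse_pasted_key(text):
    """Return (exponent, modulus_bits, sha256_hex) or raise ValueError."""
    # Terminal and e-mail copies pick up line wraps and stray spaces.
    compact = "".join(text.split())
    if not compact.startswith("0s"):
        raise ValueError("missing '0s' base64 marker")
    try:
        blob = base64.b64decode(compact[2:], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64, paste may be truncated: {exc}") from exc
    if len(blob) < 3:
        raise ValueError("key too short")
    # RFC 3110: exponent length is 1 byte, or 0x00 followed by 2 bytes.
    if blob[0] != 0:
        exp_len, offset = blob[0], 1
    else:
        exp_len, offset = int.from_bytes(blob[1:3], "big"), 3
    if exp_len == 0 or len(blob) <= offset + exp_len:
        raise ValueError("exponent length field does not fit the data")
    exponent = int.from_bytes(blob[offset:offset + exp_len], "big")
    modulus = int.from_bytes(blob[offset + exp_len:], "big")
    # Both values are odd in any valid RSA key; an even one means damage.
    if exponent < 3 or exponent % 2 == 0 or modulus % 2 == 0:
        raise ValueError("exponent or modulus is not plausible for RSA")
    return exponent, modulus.bit_length(), hashlib.sha256(blob).hexdigest()


# Constructed sample, not a real key: exponent 3 and an odd 2048-bit number.
SAMPLE = encode_key(3, (1 << 2047) | 1)

if __name__ == "__main__":
    wrapped = "\n".join(SAMPLE[i:i + 64] for i in range(0, len(SAMPLE), 64))
    print(parse_pasted_key(wrapped))
    try:
        parse_pasted_key(SAMPLE[:-3])  # clipboard lost the last characters
    except ValueError as err:
        print("rejected:", err)
```

A matching fingerprint on both systems shows that the text survived the copy intact; confirm the fingerprint with EAST's operator over a channel other than the one that carried the key.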