-
Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.2SR
- Internet Key Exchange for IPsec VPNs
- Security for VPNs with IPsec
- VPN Availability
- IPsec Data Plane
- IPsec Management Plane
-
Public Key Infrastructure (PKI)
-
Implementing and Managing PKI Features Roadmap
-
Cisco IOS PKI Overview: Understanding and Planning a PKI
-
Deploying RSA Keys Within a PKI
-
Configuring Authorization and Revocation of Certificates in a PKI
-
Configuring Certificate Enrollment for a PKI
-
Configuring and Managing a Cisco IOS Certificate Server for PKI Deployment
-
Storing PKI Credentials
-
Source Interface Selection for Outgoing Traffic with Certificate Authority (CA)
-
- Dynamic Multipoint VPN (DMVPN)
- Easy VPN
Table Of Contents
Easy VPN Remote RSA Signature Support
Prerequisites for Easy VPN Remote RSA Signature Support
Restrictions for Easy VPN Remote RSA Signature Support
Information About Easy VPN Remote RSA Signature Support
Easy VPN Remote RSA Signature Support Overview
How to Configure Easy VPN Remote RSA Signature Support
Configuring Easy VPN Remote RSA Signature Support
Feature Information for Easy VPN Remote RSA Signature Support
Easy VPN Remote RSA Signature Support
First Published: March 1, 2004Last Updated: August 21, 2007The Easy VPN Remote RSA Signature Support feature provides for the support of Rivest, Shamir, and Adelman (RSA) signatures on Easy VPN remote devices. The support is provided through RSA certificates that can be stored on or off the remote device.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Easy VPN Remote RSA Signature Support" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.
Contents
•
Prerequisites for Easy VPN Remote RSA Signature Support
•
•
•
Prerequisites for Easy VPN Remote RSA Signature Support
•
•
•
•
•
Restrictions for Easy VPN Remote RSA Signature Support
•
•
Information About Easy VPN Remote RSA Signature Support
To configure the Easy VPN Remote RSA Signature Support feature, you should understand the following concept:
•
Easy VPN Remote RSA Signature Support Overview
The Easy VPN Remote RSA Signature Support feature allows you to configure RSA signatures on your Easy VPN remote device. The signatures can be stored on or off your remote device.
How to Configure Easy VPN Remote RSA Signature Support
This section contains the following procedure:
•
Configuring Easy VPN Remote RSA Signature Support
The RSA signatures for an Easy VPN remote device are configured the same way that you would configure RSA signatures for any other Cisco device. (For information about configuring RSA signatures, refer to the "Configuring Certification Authority Interoperability" chapter of the "IP Security and Encryption" section of the Cisco IOS Security Configuration Guide, Release 12.4.)
To enable the RSA signatures, when you are configuring the Easy VPN remote and assigning the configuration to the outgoing interface, you must omit the group command. The content of the first Organizational Unit (OU) field will be used as the group. (For information about configuring Cisco Easy VPN remote devices, refer to the feature document Cisco Easy VPN Remote.)
To troubleshoot your Easy VPN remote RSA signature configuration, you can use the following debug commands. The debug commands can be used in any order or individually.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Additional References
The following sections provide references related to Easy VPN Remote RSA Signature Support.
Related Documents
Configuring Internet Key Exchange for IPSec VPNs
Deploying RSA keys
Certificate Authorities
•
•
Configuring a Cisco Easy VPN remote device
Security commands
Standards
MIBs
RFCs
Technical Assistance
Feature Information for Easy VPN Remote RSA Signature Support
Table 1 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. An account on Cisco.com is not required.
Note
Table 1 Feature Information for Easy VPN Remote RSA Signature Support
Easy VPN Remote RSA Signature Support
12.3(7)T1
12.2(33)SRA
12.2(33)SXHThe Easy VPN Remote RSA Signature Support feature provides for the support of Rivest, Shamir, and Adelman (RSA) signatures on Easy VPN remote devices. The support is provided through RSA certificates that can be stored on or off the remote device.
The following sections provide information about this feature:
•
•
Easy VPN Client RSA - Signature Support
Cisco IOS XE Release 2.1
This feature was introduced on Cisco ASR 1000 Series Routers.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2009 Cisco Systems, Inc. All rights reserved.
