Avaya Configuring IP Security Services Bedienungsanleitung PDF herunterladen (Seite 44)

Configuring IPsec Services

2-8

304111-B Rev 00

Changing an NPK

To maintain security, periodically change the NPK on each router.

To change an NPK, enter the

kset NPK

command, using the steps you used to

create the initial NPK (see “

Entering an Initial NPK and a Seed for Encryption”

on page 2-6).

The new NPK overwrites the original, and IPsec uses the new NPK value.

However, this does not change the hashed NPK value in the MIB.

To change the NPK value used by the MIB:

At the Technician Interface prompt, enter the secure shell by issuing the

following command:

ksession

Enter your password.

Enter the following command:

ktranslate

<old_NPK_value>

old_NPK_value

> is the original NPK value.

The older hashed NPK in the MIB is decrypted, and the new NPK is hashed

and stored in the MIB. The MIB now has the same NPK as the router.

Save the configuration file.

Monitoring NPKs

If the NPK on a router does not match the NPK in the MIB, IPsec services do not

work. This situation usually occurs when you change a CPU board in a router slot,

and the slot now lacks the current NPK, or you revert to an older configuration

that is protected by an older NPK.

View the router log to make sure that the NPK for each slot matches the NPK

value in the MIB. If the values do not match use the secure shell to change either

the router NPK value or the MIB NPK value. For more information about

changing NPKs, see “

Changing an NPK” on page 2-8.

To view the router log events specific to an NPK in the Technician Interface, enter:

log -ffwidt -eKEYMGR

1 2 ... 39 40 41 42 43 44 45 46 47 48 49 ... 99 100

Keine Kommentare

Avaya Configuring IP Security Services Bedienungsanleitung Seite 44