Configuring the Cisco PIX Firewall for CA Site-to-Site

Chapter Description

This sample chapter explains how to configure Cisco Secure PIX Firewall certificate authority (CA) support for Internet Protocol Security (IPSec). After presenting an overview of the configuration process, the chapter shows you each major step of the configuration, including support tasks, IKE, and IPSec.

Review Questions

1. SCEP stands for what?

2. What is the maximum RSA key modulus size?

3. In its default state, which PIX-compatible CA does not support SCEP?

4. Why must you set the time and date on a PIX Firewall before enabling CA support?

5. What is the minimum RSA key modulus size?

6. What are the RSA key pairs used for?

7. What command allows you to save the PIX Firewall's RSA key pairs; the CA, the RA, and PIX Firewall's certificates; and the CA's CRLs in the persistent data file in Flash memory between reloads?

8. Which peer authentication method is considered to be the stronger, preshared or RSA encryption?

9. What command removes the PIX Firewall's RSA key pairs; the CA, the RA, and PIX Firewall's certificates; and the CA's CRLs from the persistent data file in Flash memory?

10. What command deletes all RSA keys that were previously generated by your PIX Firewall?