Secure GSLB


NOTE

When you specify a TCP port for the key exchange communication, DO NOT use port 182, or the port that you configured for GSLB communication traffic. The default destination TCP port for key exchange is 56895.

To change the default TCP port used for the public key exchange, enter a command such as the following:

ServerIronADX(config)# crypto key-exchange passive 111

3. David connects to Bob's device and sends his RSA public key. The fingerprint of the key is displayed on David's screen.

SLB-Ctrl-ServerIronADX(config)#crypto key-exchange 100.1.1.1 Ctrl-ServerIronADX

Public key for Ctrl-ServerIronADX:

Serial Number

Fingerprint 7355edda 95906e7e f04e38a3 61f640fa c2e61fa7

The command syntax is crypto key-exchange <IP address> <name> [<decimal>].

The <IP address> parameter specifies the IP address of the peer that this device talks to. The <name> parameter specifies the host name of the local device. The <decimal> parameter specifies the TCP port used for the key exchange communication, as in the following example:

ServerIronADX(config)# crypto key-exchange 100.1.1.1 test 111

4. Bob receives David's public key. The fingerprint is printed on Bob's screen. Both Bob and David read out the fingerprint and verify that the two values match.

SLB-Site-ServerIronADX(config)#

Public key for Ctrl-ServerIronADX:

Serial Number

Fingerprint 7355edda 95906e7e f04e38a3 61f640fa c2e61fa7

Add this public key to the configuration?(enter 'y' or 'n'):

If they are the same, Bob answers 'Y' to accept David's public key.

5. David waits for Bob to send his public key.

Wait for peer to send a key(enter 'y' or 'n'): y

Waiting ....

6. Bob sends back his public key.

Send peer a key in return(enter 'y' or 'n'): y

Public key for Site-ServerIronADX:

Serial Number

Fingerprint 92c8e6a2 cfe214e8 2645886f 2c7c6379 e0bfd96e

7. On David's device, Bob's fingerprint is displayed. Once again, both Bob and David read out the fingerprint to verify the key.

SLB-Ctrl-ServerIronADX(config)#

Public key for Site-ServerIronADX:

Serial Number

Fingerprint 92c8e6a2 cfe214e8 2645886f 2c7c6379 e0bfd96e

8. David accepts Bob's public key and adds it to his database. The key exchange is complete.

Add this public key to the configuration?(enter 'y' or 'n'): y
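The read-out check in steps 4 and 7 can be scripted when both operators paste the displayed values into a ticket or chat. The following is an added example, not code from the manual or from the ServerIron software; the function names are hypothetical, and the use of SHA-1 over the encoded key is an assumption, since the page shows only the 160-bit grouped format and does not name the hash.

```python
import hashlib
import hmac
import re

GROUPS, GROUP_HEX = 5, 8  # layout shown on the page: five 8-hex-digit groups (160 bits)

def format_fingerprint(digest: bytes) -> str:
    """Render a 20-byte digest in the grouped form the CLI output uses."""
    if len(digest) * 2 != GROUPS * GROUP_HEX:
        raise ValueError("expected a 160-bit digest")
    h = digest.hex()
    return " ".join(h[i:i + GROUP_HEX] for i in range(0, len(h), GROUP_HEX))

def fingerprint(public_key_bytes: bytes) -> str:
    # ASSUMPTION: SHA-1 over the encoded key; the page does not name the hash.
    return format_fingerprint(hashlib.sha1(public_key_bytes).digest())

def normalize(readout: str) -> str:
    """Strip spacing/case differences; reject anything that is not a full fingerprint."""
    compact = re.sub(r"[\s:\-]", "", readout).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % (GROUPS * GROUP_HEX), compact):
        raise ValueError("not a complete 160-bit fingerprint")
    return compact

def fingerprints_match(displayed: str, read_out: str) -> bool:
    """True only if every digit agrees; partial read-outs never match."""
    try:
        return hmac.compare_digest(normalize(displayed), normalize(read_out))
    except ValueError:
        return False

if __name__ == "__main__":
    shown_on_bob = "7355edda 95906e7e f04e38a3 61f640fa c2e61fa7"   # from the page
    read_by_david = "7355EDDA-95906E7E-F04E38A3-61F640FA-C2E61FA7"  # constructed read-out
    print(fingerprints_match(shown_on_bob, read_by_david))            # full match
    print(fingerprints_match(shown_on_bob, "7355edda 95906e7e"))      # truncated read-out
    # Constructed key blobs: a substituted key yields a different fingerprint.
    genuine, substituted = b"constructed-key-A", b"constructed-key-B"
    print(fingerprints_match(fingerprint(genuine), fingerprint(substituted)))
```

A truncated read-out is treated as a mismatch, so the key is accepted only when all five groups have been compared.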

ServerIron ADX Global Server Load Balancing Guide


53-1002437-01

 
