In this demonstration, we’ll show how to establish IPsec tunnels in a site-to-site configuration using IKE and public keys derived from X.509 certificates.
The certificate authority used in this demonstration is supported in one of the Security Gateways, a Nokia CryptoCluster 500 (HOME-SG). This CA supports IPsec-relevant certificate issuing, registration, and revocation. Standard public/private key cryptography is used in authenticating ISO X.509v3 digital certificates.
As an interesting aside, the Nokia CryptoClusters support raw public keys by default. The keys are generated randomly, using strong random numbers from the hi/fn 6501 cryptographic co-processor.
This illustration shows our configuration. We’ll be using Telnet and the CryptoConsole admin software on a laptop (172.16.1.5) to demonstrate the configuration process and the process of creating IKE and IPsec security associations.