MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 253
- FQDN – Specify the fully qualified domain name (FQDN) of the IKE peer.
Peer Identity – Default, address, FQDN, user-FQDN, DN.
- Default – Defaults to peer IP address when using pre-shared key based authentication and to
the DN of the peer certificate when using certificate-based authentication.
- Address – Use specified IP address as the IKE identity - required.
- FQDN – Use specified fully qualified domain name (FQDN) as the peer IKE identity.
- User-FQDN – Use specified user-fully qualified domain name (user-FQDN) as the peer IKE
identity.
- DN – Use the specified distinguished name as the peer IKE identity.
Click Next to continue. The next screen requires you to specify the IKE version and authentication
parameters.
Version – IKE, IKE v1, IKE v2.
- IKE – If the Orbit is the initiator, it uses IKE v2. If the Orbit is the responder, it accepts either
IKE v1 or IKE v2, according to the policy proposed by the initiator.
- IKE v1 – As an initiator or responder, the Orbit uses only IKE v1.
- IKE v2 – As an initiator or responder, the Orbit uses only IKE v2.
Auth Method – Public key, EAP-TTLS, Pre-shared key.
- Public key – Use RSA/ECDSA public key based authentication.
NOTE: The certificates must be installed on the Orbit prior to VPN setup.
- Pre-shared key – In lieu of certificates, the EAP-TTLS uses a pre-shared key for
authentication.
- EAP-TTLS – Use EAP-TTLS (Extensible Authentication Protocol Tunneled Transport Layer
Security) based authentication. This is used for integrity and measurement (IMA) connections.
See APPENDIX B – Integrity Measurement Authority (IMA).
The following options are available only when the authentication method chosen is Public key or
EAP-TTLS. For more information on certificates, see Certificate Management and 802.1X Authentication.
Cert Type – RSA, ECDSA.