Virtual Private Network > Connections
Virtual Private Network
RM GUI HiSecOS EAGLE20/30
Release
3.0
09/2015
235
IKE Local
Identifier Type
Specifies the type of local peer identifier that the device uses for the "IKE
Local ID" parameter.
Possible values:
default
(default setting)
If the "Authentication Type" is
psk
, then the device uses the IP address
from "Local Endpoint" as the local identifier.
If the "Authentication Type" is
Individual Certificates (X.509)
or
pkcs12
, then the device uses the distinguished name (DN) contained in
the local "IKE Auth. Cert. Local" certificate.
address
Use the local IP address or DNS name from the "Local Endpoint" field
as the "IKE Local ID".
id
The device identifies the value specified in the "IKE Local ID" field as
one of the following types:
– An IPv4 address or a DNS host name
– A key identifier specifying data that the device uses to pass vendor-
specific information. The device uses the information to identify
which pre-shared key it uses for aggressive mode authentication
during negotiations.
– A Fully Qualified Domain Name (FQDN) web address, for example,
"foo.bar.com". Verify that the string does not contain any
terminators.
– An email address
– The ASN.1 X.500 Distinguished Name (DN) contained within the
"IKE Auth. Cert. Local". The local and remote devices exchange
their certificates to establish the SA.
IKE Local ID Specifies the local peer identifier that the device sends to the remote device
in the ID payload during phase 1 negotiations. The devices use the ID
payload to identify the initiator of the security association (SA). The
responder uses the identity to determine the correct host system policy
requirement for the security association.
The formats for this parameter depend on the type selected in "IKE Local
Identifier Type".
Possible values:
blank (default setting)
When you specify the "IKE Local Identifier Type" as
id
, then the
following values are possible:
– An valid IPv4 address or DNS host name
– A previously specified key identifier, specifying data that the device
uses to pass vendor-specific information
– A FQDN web address, for example, "foo.bar.com". Verify that the
string is without any terminators
– A valid email address
– A typical X.500 distinguished name
Use the following syntax when creating the entry:
CN=XY-D,C=DE,L=NT,ST=BW, O=COMPANY,OU=DEV,
E=testuser@company.com.
Parameters Meaning
To Next Page
Loading...