Chapter 22 IPSec VPN
SBG3500-N Series User’s Guide
293
The two SBG3500-N Series devices in this example cannot complete their negotiation because SBG3500-N
Series B’s Local ID type is IP, but SBG3500-N Series A’s Remote ID type is set to E-mail. An “ID
mismatched” message displays in the IPSEC LOG.
22.7.8 Pre-Shared Key
A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section
22.7.3 on page 289 for more on IKE phases). It is called “pre-shared” because you have to share it
with another party before you can communicate with them over a secure connection.
22.7.9 Diffie-Hellman (DH) Key Groups
Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a
shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA
setup to establish session keys. 768-bit, 1024-bit, 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman
groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a
shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys.
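To make the last two sentences concrete, here is an added Python example (not code from the guide or from Zyxel): two peers run Diffie-Hellman over the 1024-bit group 2 prime of RFC 2409 and arrive at the same secret, and then a pre-shared-key check is what actually authenticates the peer. The `psk_auth_tag` function is a simplified stand-in for IKE's own SKEYID-based hash, not the real IKE computation.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of IKE Diffie-Hellman group 2 (RFC 2409), generator 2.
DH_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
DH_GROUP2_G = 2
GROUP_BYTES = (DH_GROUP2_P.bit_length() + 7) // 8


def dh_keypair(p=DH_GROUP2_P, g=DH_GROUP2_G):
    """Return (private exponent x, public value g^x mod p) for one peer."""
    x = secrets.randbelow(p - 2) + 1  # 1 <= x <= p-2
    return x, pow(g, x, p)


def dh_shared_secret(priv, peer_pub, p=DH_GROUP2_P):
    """g^(xy) mod p as big-endian bytes; reject degenerate public values
    (0, 1, p-1) that would force a trivial secret."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_pub, priv, p).to_bytes(GROUP_BYTES, "big")


def psk_auth_tag(psk: bytes, pub_a: int, pub_b: int) -> bytes:
    """Simplified authentication tag (assumption, not real IKE): an HMAC keyed
    by the pre-shared key over both DH public values. Real IKE derives SKEYID
    from the PSK and the nonces and hashes more fields, same principle."""
    msg = pub_a.to_bytes(GROUP_BYTES, "big") + pub_b.to_bytes(GROUP_BYTES, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def ike_phase1_sim(psk_a: bytes, psk_b: bytes):
    """Simulate peers A and B. Returns (same DH secret?, B authenticated by A?).
    DH succeeds regardless of the PSKs; only the PSK check catches a mismatch
    (or a peer that never had the key)."""
    xa, pub_a = dh_keypair()
    xb, pub_b = dh_keypair()
    secret_a = dh_shared_secret(xa, pub_b)
    secret_b = dh_shared_secret(xb, pub_a)
    tag_from_b = psk_auth_tag(psk_b, pub_a, pub_b)  # B proves it holds the PSK
    expected = psk_auth_tag(psk_a, pub_a, pub_b)    # A checks with its own copy
    return secret_a == secret_b, hmac.compare_digest(tag_from_b, expected)
```

With matching pre-shared keys the simulation returns (True, True); with different keys the DH secrets still agree but the authentication check fails, which is the point the paragraph makes.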
Table 111 Mismatching ID Type and Content Configuration Example
                    SBG3500-N SERIES A        SBG3500-N SERIES B
Local ID type:      IP                        IP
Local ID content:   1.1.1.10                  1.1.1.2
Remote ID type:     User-FQDN                 IP
Remote ID content:  aa@yahoo.com              1.1.1.0