Chapter 4

Configuration via the Command Line Interface

4.4 Peer

What is ... The Peer is the term used for the remote Security Gateway to which the IPSec secure tunnel(s) will be connected. In a first phase, an IKE Security Association is negotiated between the SpeedTouch™ and the remote Security Gateway (peer). This IKE SA serves as a signalling channel for the subsequent tunnel negotiations.

In the configuration of the SpeedTouch™, the Peer bundles all the parameters required to negotiate an IKE Security Association (Phase 1 SA), such as:

Address

The public IP address of the remote IPSec peer. Optionally, a backup address can be defined.

Local ID

The identity of the local peer, which is presented to the remote peer during the Phase 1 negotiation. Various identity types are supported, such as IP address, Distinguished Name, FQDN, etc.

Remote ID

Similar to the Local ID, this parameter identifies the remote peer during the Phase 1 negotiation. Various identity types are supported, such as IP address, Distinguished Name, FQDN, etc.

Authtype

Authentication method used: pre-shared key or certificates.

XAuth user and password

Allows for a secondary authentication based on a legacy authentication system.

Descriptor

Refers to the Phase 1 security descriptor.

The Peer parameters are explained in “4.4.1 Peer parameters” on page 119.

How is it used A Peer can be successfully configured from the moment when a valid Authentication Attribute and a Peer Security Descriptor are present in the SpeedTouch™.
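The parameter bundle and the precondition above, expressed as an added example that is not part of the manual and is not SpeedTouch CLI syntax: a hypothetical Peer record whose Phase 1 identities are classified as IP address, Distinguished Name or FQDN, and which is only accepted when a matching authentication attribute and the referenced Phase 1 descriptor already exist. The regular expressions, the field names and the authtype values "preshared" and "cert" are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
FQDN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
DN_RE = re.compile(r"^[A-Za-z]+=[^,=]+(?:,\s*[A-Za-z]+=[^,=]+)*$")  # e.g. "C=BE, O=Example, CN=gw1"
def is_ip(value: str) -> bool:
    try:
        return ipaddress.ip_address(value) is not None
    except ValueError:
        return False

def classify_id(value: str) -> str:  # Phase 1 identity type the string would be presented as
    if is_ip(value):
        return "ipaddr"
    if DN_RE.match(value):
        return "dn"
    if FQDN_RE.match(value):
        return "fqdn"
    raise ValueError(f"unrecognised identity: {value!r}")

@dataclass
class Peer:  # hypothetical model of the Peer bundle; names assumed, not SpeedTouch CLI syntax
    address: str                   # public IP address of the remote Security Gateway
    local_id: str
    remote_id: str
    authtype: str                  # "preshared" or "cert" (assumed values)
    descriptor: str                # name of the Phase 1 security descriptor
    backup_address: Optional[str] = None
    xauth_user: Optional[str] = None
    xauth_password: Optional[str] = None

def validate_peer(peer, auth_attributes, descriptors):
    problems = []  # an empty list means the Peer can be configured
    for label, addr in (("address", peer.address), ("backup_address", peer.backup_address)):
        if addr is not None and not is_ip(addr):
            problems.append(f"{label} is not an IP address: {addr!r}")
    for label, ident in (("local_id", peer.local_id), ("remote_id", peer.remote_id)):
        try:
            classify_id(ident)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
    if peer.authtype not in auth_attributes:  # a matching Authentication Attribute must exist first
        problems.append(f"no {peer.authtype!r} authentication attribute configured")
    if peer.descriptor not in descriptors:    # the Peer Security Descriptor must exist first
        problems.append(f"unknown Phase 1 descriptor {peer.descriptor!r}")
    if (peer.xauth_user is None) != (peer.xauth_password is None):
        problems.append("XAuth needs both a user and a password")
    return problems
```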

In this section The following topics are discussed in this section:

Topic                                      Page
4.4.1 Peer parameters                      119
4.4.2 List all peer entities               123
4.4.3 Create a new peer entity             124
4.4.4 Set or modify the peer parameters    125
4.4.5 Delete a Peer entity                 126

118

E-DOC-CTC-20051017-0169 v0.1
