Page layout for certificate authentication

IKE Authentication: Certificate parameters

Chapter 3

Configuration via Local Pages

Remote ID (Filter) Type and Remote ID Filter:

The Remote ID Filter identifies the VPN client during the IKE Phase 1 negotiation and acts as a filter on the identities that VPN clients present when they join the VPN. Both its Type and its value must match the identity configured in the VPN client; otherwise the IKE Security Association cannot be set up. The identity types supported in the SpeedTouch™ are listed in the table below.

Identity type                      Keyword    Examples
IP address                         addr       10.0.0.1
                                              0.0.0.0 (any address accepted)
Fully qualified domain name        fqdn       sales.corporate.net
User fully qualified domain name   userfqdn   *@corporate.net
Distinguished name                 dn         dc=corpor,uid=user
Key identity                       keyid      myid
Any ID type accepted               any        -

A SpeedTouch™ VPN client identifies itself with a userfqdn in the form of a unique e-mail address when generic is selected for the Server Vendor. To keep the configuration of the VPN server independent of the number of VPN clients, wildcards can be used, as shown in the table above. For example, *@corporate.net matches any e-mail address in the domain corporate.net.

If you encounter problems during the IKE negotiation, use the Debug > Logging page to verify that the Identity Type and Identity configured on the VPN client and on the VPN server correspond with each other.
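The matching behaviour described above (type must agree, then value, with wildcards for e-mail identities and 0.0.0.0 as a catch-all address) can be made concrete in code. The following is an added illustration written for this page, not SpeedTouch firmware or any vendor code. The manual only gives the keywords and examples in the table, so the exact semantics below are assumptions: wildcards are shell-style (`*` and `?`) and are honoured for both fqdn and userfqdn filters with case-insensitive comparison, a dn filter matches only when the RDN sequence is identical, and keyid is compared exactly. The `id_matches` function returns the reason for a rejection, which is the kind of detail you would look for on the Debug > Logging page when Phase 1 fails.

```python
"""Remote ID Filter matching for the identity types in the table above.

Added illustration, not SpeedTouch firmware code. The manual gives only the
keywords and examples; the following are assumptions of this example:
  * wildcards are shell-style ('*' and '?'), honoured for fqdn and userfqdn
    filters, matched case-insensitively;
  * an addr filter of 0.0.0.0 accepts any address, otherwise exact match;
  * a dn filter matches when the RDN sequence is identical (attribute types
    compared case-insensitively, values exactly);
  * keyid is an opaque string compared exactly.
"""
from __future__ import annotations

import fnmatch
import ipaddress
from dataclasses import dataclass

ID_TYPES = ("addr", "fqdn", "userfqdn", "dn", "keyid", "any")


@dataclass(frozen=True)
class IkeIdentity:
    """Identity a peer presents in IKE Phase 1 (ID payload, simplified)."""
    id_type: str  # one of ID_TYPES other than "any"
    value: str


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split 'dc=corpor,uid=user' into [('dc', 'corpor'), ('uid', 'user')]."""
    rdns = []
    for part in dn.split(","):
        attr, sep, val = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((attr.strip().lower(), val.strip()))
    return rdns


def id_matches(filter_type: str, filter_value: str, peer: IkeIdentity) -> tuple[bool, str]:
    """Decide whether a peer identity passes the Remote ID Filter.

    Returns (accepted, reason). The reason is what you would want to see in
    the Debug > Logging output when a Phase 1 negotiation fails.
    """
    if filter_type not in ID_TYPES:
        return False, f"unknown filter type {filter_type!r}"
    if filter_type == "any":
        return True, "filter type 'any': every ID type accepted"
    # The type is checked before the value: a correct value of the wrong type fails.
    if peer.id_type != filter_type:
        return False, f"ID type mismatch: filter is {filter_type}, peer sent {peer.id_type}"

    if filter_type == "addr":
        if filter_value == "0.0.0.0":
            return True, "0.0.0.0: any address accepted"
        try:
            ok = ipaddress.ip_address(filter_value) == ipaddress.ip_address(peer.value)
        except ValueError as exc:
            return False, f"invalid address: {exc}"
        return ok, "address match" if ok else f"address {peer.value} does not equal {filter_value}"

    if filter_type in ("fqdn", "userfqdn"):
        # Assumption: shell-style wildcard, case-insensitive (domain names and
        # e-mail domains are case-insensitive in practice).
        ok = fnmatch.fnmatchcase(peer.value.lower(), filter_value.lower())
        return ok, f"{peer.value!r} {'matches' if ok else 'does not match'} pattern {filter_value!r}"

    if filter_type == "dn":
        try:
            ok = parse_dn(filter_value) == parse_dn(peer.value)
        except ValueError as exc:
            return False, str(exc)
        return ok, "DN match" if ok else f"DN {peer.value!r} differs from {filter_value!r}"

    # keyid: opaque identifier, compared exactly
    ok = peer.value == filter_value
    return ok, "keyid match" if ok else f"keyid {peer.value!r} differs from {filter_value!r}"


if __name__ == "__main__":
    # Constructed sample peers, loosely following the examples in the table.
    checks = [
        ("userfqdn", "*@corporate.net", IkeIdentity("userfqdn", "alice@corporate.net")),
        ("userfqdn", "*.corporate.net", IkeIdentity("userfqdn", "alice@corporate.net")),
        ("addr", "0.0.0.0", IkeIdentity("addr", "10.0.0.1")),
        ("fqdn", "sales.corporate.net", IkeIdentity("userfqdn", "sales.corporate.net")),
        ("dn", "dc=corpor,uid=user", IkeIdentity("dn", "DC=corpor, uid=user")),
        ("any", "-", IkeIdentity("keyid", "myid")),
    ]
    for ftype, fvalue, peer in checks:
        accepted, reason = id_matches(ftype, fvalue, peer)
        print(f"{ftype:9} {fvalue:22} -> {'ACCEPT' if accepted else 'REJECT'}: {reason}")
```

Two of the constructed checks are worth noting: the pattern `*.corporate.net` does not match `alice@corporate.net` (which is why the filter for e-mail identities must be written `*@corporate.net`), and a peer that sends `sales.corporate.net` as a userfqdn is rejected by an fqdn filter even though the strings are identical, because the type is compared first.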

When you click Use Certificate Authentication, the IKE Authentication area of the page is updated to show the certificate parameters. You then have to fill out the Distinguished Name of the local and remote certificates.

E-DOC-CTC-20051017-0169 v0.1

71
