Table of Contents
Advertisement
Page layout for
certificate
authentication
IKE Authentication:
Certificate parameters
E-DOC-CTC-20051017-0169 v0.1
Remote ID (Filter) Type and Remote ID Filter:
The Remote ID Filter identifies the VPN client during the Phase 1 negotiation.
This identity is used as a filter for VPN clients when they join the VPN. Its value
must match the settings in the VPN client in order to successfully set up the
IKE Security Association. The identity types supported in the SpeedTouch™
are listed in the table below.
Identity type
IP address
Fully qualified domain name
User fully qualified domain
name
Distinguished name
Key identity
Any ID type accepted
A SpeedTouch™ VPN client identifies itself with a userfqdn in the form of a
unique e-mail address, when generic is selected for the Server Vendor. In
order to make the configuration of the VPN server independent of the number
of VPN clients, wildcards can be used, as shown in the table above. For
example, *.corporate.net will match with any e-mail address in the domain
corporate.net.
If you encounter problems during the IKE negotiations, use the Debug >
Logging page to verify that the Identity Type and Identity of VPN client and
server correspond with each other.
When you click Use Certificate Authentication, the IKE Authentication area of the
page is updated in the following way:
When you select Use Certificate Authentication, you have to fill out the
Distinguished Name of the local and remote Certificates.
Configuration via Local Pages
Keyword
Examples
10.0.0.1
addr
0.0.0.0 (any address
accepted)
fqdn
sales.corporate.net
userfqdn
*@corporate.net
dn
dc=corpor,uid=user
keyid
myid
any
-
Chapter 3
71
Advertisement
Table of Contents
