Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual page 74
Wireless switch
Hide thumbs
Also See for WS2000 - Wireless Switch - Network Management Device:
- Cli reference manual (452 pages) ,
- System reference manual (362 pages) ,
- Configuration manual (19 pages)
Table of Contents
Advertisement
4-20 WS2000 Wireless Switch System Reference Guide
3. Select the
Operation Mode
protection and aggressive exchanges. IKE main mode refers to the identity-protection exchange, and IKE
aggressive mode refers to the aggressive exchange.
Main
Aggressive
4. Select the type of ID to be used for the WS 2000 end of the tunnel from the
IP
FQDN
UFQDN
5. If
FQDN
or
UFQDN
in the
Local ID Data
6. Repeat steps 4 and 5 for the
7. Choose the authentication mode to be used with the IKE algorithm from the
menu.
Pre-shared key
RSA
Certificates
8. IKE provides data authentication and anti-replay services for the VPN tunnel. Select the desired
authentication methods from the
MD5
SHA1
9. If
Pre-Shared Key
field. If
MD5
is the selected algorithm, provide a 40-character hexadecimal key.
10.Use the
IKE Encryption Algorithm
VPN tunnel.
DES
3DES
for IKE. The Phase I protocols of IKE are based on the ISAKMP identity-
This is the standard IKE mode for communication and key exchange.
Aggressive mode is faster and less secure than Main mode. Identities are not encrypted
unless public key encryption is used. The Diffie-Hellman group cannot be negotiated; it is
chosen by the initiator. Also, the authentication method cannot be negotiated if the initia-
tor chooses to use public key encryption.
Select this option if the local ID type is the IP address specified as part of the tunnel.
Select this item if the local ID type is a fully qualified domain name (such as sj.sym-
bol.com). The setting for this field does not have to be fully qualified, it just must match
the setting of the field for the Certificate Authority.
Select this item if the local ID type is a user unqualified domain name (such as john-
doe@symbol.com). The setting for this field does not have to be unqualified, it just must
match the setting of the field of the Certificate Authority.
are selected, specify the data (either the qualified domain name or the user name)
field.
Remote ID Type
This option requires that you specify an authentication algorithm and passcode to be
used during authentication.
Select this option to use RSA certificates for authentication purposes. See
Digital Certificates
to create and import certificates into the system.
IKE Authentication Algorithm
Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexa-
decimal) authentication keys.
Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal)
keys.
is the authentication mode, provide a key in the
is the selected authentication algorithm, provide a 32-character hexadecimal key. If
menu to select the encryption and authentication algorithms for this
This options selects the DES encryption algorithm, which requires 64-bit (16-character
hexadecimal) keys.
This option selects the 3DES encryption algorithm, which requires 192-bit (48-character
hexadecimal) keys. When creating keys for 3DES, the first 8 bytes cannot equal the sec-
ond 8 bytes, and the second 8 bytes cannot equal the third 8 bytes.
and
Remote ID Data
fields.
menu.
IKE Authentication Passphrase
Local ID Type
menu.
IKE Authentication Mode
Managing
SHA1
Hide quick links:
Advertisement
Table of Contents
