Pre-Shared Key; Diffie-Hellman (Dh) Key Groups - ZyXEL Communications LTE5121 User Manual

Hide thumbs Also See for LTE5121:

Quick start manual (11 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

Table of Contents

The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP

address, domain name, or e-mail address.

Table 66 Local ID Type and Content Fields

LOCAL ID TYPE= CONTENT=

DNS

E-mail

16.5.7.1 ID Type and Content Examples

Two IPSec routers must have matching ID type and content configuration in order to set up a VPN

tunnel.

The two LTE Devices in this example can complete negotiation and establish a VPN tunnel.

Table 67 Matching ID Type and Content Configuration Example

LTE Device A

Local ID type: E-mail

Local ID content: tom@yourcompany.com

Remote ID type: IP

Remote ID content: 1.1.1.2

The two LTE Devices in this example cannot complete their negotiation because LTE Device B's

Local ID type is IP, but LTE Device A's Remote ID type is set to E-mail. An "ID mismatched"

message displays in the IPSEC LOG.

Table 68 Mismatching ID Type and Content Configuration Example

LTE DEVICE A

Local ID type: IP

Local ID content: 1.1.1.10

Remote ID type: E-mail

Remote ID content: aa@yahoo.com

16.5.8 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see

16.5.3 on page 157

with another party before you can communicate with them over a secure connection.

16.5.9 Diffie-Hellman (DH) Key Groups

Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a

shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA

setup to establish session keys. Upon completion of the Diffie-Hellman exchange, the two peers

have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys.

LTE-5121 User's Guide

Type the IP address of your computer.

Type a domain name (up to 31 characters) by which to identify this LTE Device.

Type an e-mail address (up to 31 characters) by which to identify this LTE

Device.

The domain name or e-mail address that you use in the Local ID Content field

is used for identification purposes only and does not need to be a real domain

name or e-mail address.

for more on IKE phases). It is called "pre-shared" because you have to share it

LTE Device B

Local ID type: IP

Local ID content: 1.1.1.2

Remote ID type: E-mail

Remote ID content: tom@yourcompany.com

LTE DEVICE B

Local ID type: IP

Local ID content: 1.1.1.2

Remote ID type: IP

Remote ID content: 1.1.1.0

Chapter 16 VPN

Section

161

Table of Contents

Pre-Shared Key; Diffie-Hellman (Dh) Key Groups - ZyXEL Communications LTE5121 User Manual

16.5.8 Pre-Shared Key

16.5.9 Diffie-Hellman (DH) Key Groups

Related Manuals for ZyXEL Communications LTE5121

Related Content for ZyXEL Communications LTE5121

Table of Contents