Extreme Networks Altitude 4700 Series Product Reference Manual page 237

Software version 4.1

Altitude 4700 Series Access Point Product Reference Guide

Remote ID Type
Select the type of ID to be used for the access point end of the tunnel from the Remote ID Type drop-down menu.
• IP—Select the IP option if the remote ID type is the IP address specified as part of the tunnel.
• FQDN—Select FQDN if the remote ID type is a fully qualified domain name (such as extremenetworks.com). The setting for this field does not have to be fully qualified; however, it must match the setting for the Certificate Authority.
• UFQDN—Select this item if the remote ID type is a user unqualified email address (such as johndoe@extremenetworks.com). The setting for this field does not have to be unqualified; it only has to match the setting of the field of the Certificate Authority.

Remote ID Data
If FQDN or UFQDN is selected, specify the data (either the qualified domain name or the user name) in the Remote ID Data field.

IKE Authentication Mode
Select the appropriate IKE authentication mode:
• Pre-Shared Key (PSK)—Specify an authenticating algorithm and passcode used during authentication.
• RSA Certificates—Select this option to use RSA certificates for authentication purposes. See the CA Certificates and Self certificates screens to create and import certificates into the system.

IKE Authentication Algorithm
IKE provides data authentication and anti-replay services for the VPN tunnel. Select an authentication method from the drop-down menu.
• MD5—Enables the Message Digest 5 algorithm. No keys are required to be manually provided.
• SHA1—Enables Secure Hash Algorithm. No keys are required to be manually provided.

IKE Authentication Passphrase
If you selected Pre-Shared Key as the authentication mode, you must provide a passphrase.

IKE Encryption Algorithm
Select the encryption and authentication algorithms for the VPN tunnel from the drop-down menu.
• DES—Uses the DES encryption algorithm. No keys are required to be manually provided.
• 3DES—Enables the 3DES encryption algorithm. No keys are required to be manually provided.
• AES 128-bit—Uses the Advanced Encryption Standard algorithm with a 128-bit key. No keys are required to be manually provided.
• AES 192-bit—Enables the Advanced Encryption Standard algorithm with a 192-bit key. No keys are required to be manually provided.
• AES 256-bit—Uses the Advanced Encryption Standard algorithm with a 256-bit key. No keys are required to be manually provided.

Key Lifetime
The number of seconds the key is valid. At the end of the lifetime, the key is renegotiated.
The access point forces renegotiation every 3600 seconds. There is no way to change the renegotiation value. If the IKE Lifetime is greater than 3600, the keys still get renegotiated every 3600 seconds.
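
As an added example (not from the Extreme Networks manual), the following Python check audits one tunnel's settings against the options and rules described above, including the fixed 3600-second renegotiation. The dictionary keys, function names, option spellings such as "AES128" and the 20-character passphrase floor are assumptions made for illustration.

```python
# Added example: audit of the IKE settings described on this page.
# Field names mirror the screen; the dict layout, function names and the
# 20-character passphrase floor are assumptions, not device behaviour.
FORCED_REKEY_SECONDS = 3600  # the page: renegotiation is forced every 3600 s

ID_TYPES = {"IP", "FQDN", "UFQDN"}
AUTH_MODES = {"PSK", "RSA"}
AUTH_ALGS = {"MD5", "SHA1"}
ENC_ALGS = {"DES", "3DES", "AES128", "AES192", "AES256"}
MIN_PASSPHRASE_LEN = 20  # assumed local policy, not a device limit


def effective_lifetime(configured: int) -> int:
    """Key lifetime the access point actually honours."""
    return min(configured, FORCED_REKEY_SECONDS)


def audit_ike(cfg: dict) -> list:
    """Return a list of (severity, message) findings for one tunnel."""
    findings = []
    for key, allowed in (("remote_id_type", ID_TYPES), ("auth_mode", AUTH_MODES),
                         ("auth_alg", AUTH_ALGS), ("enc_alg", ENC_ALGS)):
        if cfg.get(key) not in allowed:
            findings.append(("error", f"{key}={cfg.get(key)!r} is not an option on this screen"))
    if cfg.get("remote_id_type") in {"FQDN", "UFQDN"} and not cfg.get("remote_id_data"):
        findings.append(("error", "Remote ID Data is required for FQDN/UFQDN"))
    if cfg.get("auth_mode") == "PSK":
        if len(cfg.get("passphrase", "")) < MIN_PASSPHRASE_LEN:
            findings.append(("warn", "PSK passphrase is missing or shorter than policy"))
    if cfg.get("enc_alg") == "DES":
        findings.append(("warn", "DES has a 56-bit key; choose an AES option"))
    if cfg.get("auth_alg") == "MD5":
        findings.append(("warn", "MD5 is deprecated; SHA1 is the stronger choice offered"))
    lifetime = cfg.get("key_lifetime", FORCED_REKEY_SECONDS)
    if lifetime > FORCED_REKEY_SECONDS:
        findings.append(("info", f"key_lifetime {lifetime}s is clamped to {effective_lifetime(lifetime)}s"))
    return findings


# Constructed sample settings, not taken from a real device export.
SAMPLE = {"remote_id_type": "FQDN", "remote_id_data": "", "auth_mode": "PSK",
          "auth_alg": "MD5", "enc_alg": "DES", "passphrase": "branch1",
          "key_lifetime": 86400}

if __name__ == "__main__":
    for severity, message in audit_ike(SAMPLE):
        print(f"[{severity}] {message}")
```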