Table of Contents
Advertisement
I s s u e 1 . 0 , A p r i l 2 0 0 6
quickly: thus, it is referred to as quick mode. The identity of the IKE peers has already been
verified in phase 1, and the ISAKMP SA already protects exchanges between the IKE peers.
Therefore, the identities passed in quick mode are not the identities of the IKE peers but rather the
identities of the selectors to be used in the IPSec security policy database. A phase 1 ISAKMP SA
is required when negotiating a phase 2 SA. Once established, a phase 2 SA can exist
independently of the phase 1 SA that is later destroyed.
• PKCS #10: Certificate Request Syntax Standard
• PKCS #7: Cryptographic Message Syntax Standard
• PKCS #11: Cryptographic Token Interface Standard
IPSec Configuration
1. Log in to your router. From the left frame, click Configuration and then click the
IPSec link. Set your Negotiation ID.
IKE defines two modes when negotiating a phase 1 SA: main mode and aggressive mode.
• For Aggressive Mode use a string like remote@ABCD.com
or
• For Main Mode use the WAN IP address of your Branch Office (remote) VPN router
(our example shows a setup in Aggressive Mode)
©2006 Ch
arles Industries, Ltd.
All right
s reserved. Printed in United States of America.
The availability o
f features and technical specifications herein subject to change without notice.
92
Section 364-180-N02
Advertisement
Table of Contents
