IKE authentication: certificate parameters, Chapter 3 – Nortel Networks 608(WL) User Manual


Chapter 3

Configuration via Local Pages

E-DOC-CTC-20051017-0169 v0.1




Remote ID (Filter) Type and Remote ID Filter:

The Remote ID Filter identifies the VPN client during the Phase 1 negotiation.
This identity is used as a filter for VPN clients when they join the VPN. Its value
must match the settings in the VPN client in order to successfully set up the
IKE Security Association. The identity types supported in the SpeedTouch™
are listed in the table below.

A SpeedTouch™ VPN client identifies itself with a userfqdn in the form of a
unique e-mail address, when generic is selected for the Server Vendor. In
order to make the configuration of the VPN server independent of the number
of VPN clients, wildcards can be used, as shown in the table above. For
example, *.corporate.net will match with any e-mail address in the domain
corporate.net.

Page layout for certificate authentication

When you click Use Certificate Authentication, the IKE Authentication area of the
page is updated in the following way:

IKE Authentication: Certificate parameters

When you select Use Certificate Authentication, you have to fill out the
Distinguished Name of the local and remote Certificates.

| Identity type | Keyword | Examples |
|---|---|---|
| IP address | addr | 10.0.0.1; 0.0.0.0 (any address accepted) |
| Fully qualified domain name | fqdn | sales.corporate.net |
| User fully qualified domain name | userfqdn | *@corporate.net |
| Distinguished name | dn | dc=corpor,uid=user |
| Key identity | keyid | myid |
| Any ID type accepted | any | - |

If you encounter problems during the IKE negotiations, use the Debug > Logging
page to verify that the Identity Type and Identity of VPN client and
server correspond with each other.
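
The matching rules in the identity-type table, as an added Python example that is not part of the manual or the SpeedTouch™ firmware: it checks whether a client identity would pass a configured Remote ID filter and flags catch-all filters during a configuration review. The function names, `*` as the only wildcard, case-insensitive comparison and the simplified DN handling are assumptions.

```python
import ipaddress
import re

# Keywords from the identity-type table in the manual.
CLIENT_TYPES = {"addr", "fqdn", "userfqdn", "dn", "keyid"}

def _wildcard_match(pattern, value):
    """Match with '*' as the only wildcard, case-insensitively (assumed semantics)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def _norm_dn(dn):
    """Simplified DN normalisation: trim and lowercase each comma-separated part."""
    return [part.strip().lower() for part in dn.split(",")]

def remote_id_matches(filter_type, filter_value, client_type, client_id):
    """Return True if the client's Phase 1 identity passes the Remote ID filter."""
    if client_type not in CLIENT_TYPES:
        raise ValueError(f"unknown client identity type: {client_type}")
    if filter_type == "any":                  # any ID type accepted
        return True
    if filter_type != client_type:            # identity types must correspond
        return False
    if filter_type == "addr":
        wanted = ipaddress.ip_address(filter_value)
        if wanted == ipaddress.ip_address("0.0.0.0"):   # any address accepted
            return True
        return wanted == ipaddress.ip_address(client_id)
    if filter_type in ("fqdn", "userfqdn"):
        return _wildcard_match(filter_value, client_id)
    if filter_type == "dn":
        return _norm_dn(filter_value) == _norm_dn(client_id)
    return filter_value == client_id          # keyid: exact match

def is_catch_all(filter_type, filter_value):
    """Flag filters that accept every client of a type, for configuration review."""
    if filter_type == "any":
        return True
    if filter_type == "addr":
        return ipaddress.ip_address(filter_value) == ipaddress.ip_address("0.0.0.0")
    return filter_type in ("fqdn", "userfqdn") and set(filter_value) == {"*"}
```

A type mismatch (for example a `userfqdn` filter against a client that sends an `fqdn`) fails before the value is compared, which is the first thing to check when the identities look the same in the log.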

This manual is related to the following products:

620