Westermo RedFox Series User Manual
Page 815
Westermo OS Management Guide
Version 4.17.0-0
Continued from previous page
Local ID
Type & ID
The identity used by the VPN gateway during the IKE
handshake. Typically the Name(DNS/User) type with a
simple ID text string (e.g., alice) can be used to iden-
tify the VPN gateway.
For more details on available identification types and ID
values, see
If Auto is selected, the local-id will be of type IP
Address (for PSK authentication), using the IP address
of the specified Outbound interface as identity.
For
certificate authentication, Auto implies a local-id of type
Distinguished Name, using the subject string of the lo-
cal certificate as identity.
Peer ID
Type & ID
The identity used by the peer VPN gateway during the
IKE handshake. Typically the Name(DNS/User type with a
simple ID text string (e.g., bob) can be used to identify
the peer VPN gateway.
For more details on available identification types and ID
values, see
If Auto is selected, the Peer ID will be of type IP
Address (for PSK authentication), using the IP address
from the Remote Peer Address/Name field as identity (a
domain name will be resolved to an IP address). For cer-
tificate authentication, Auto is discouraged for the Peer
ID, see
for details.
ESP Auto
(Checkbox)
The cipher suite to use for the ESP handshake can ei-
ther be negotiated automatically between the peers, or
a specific suite can be configured manually. Check the
Auto checkbox to specify cipher auto-negotiation; un-
check the checkbox to specify an ESP cipher suite and
Diffie-Hellman group manually (see below).
Note: ESP cipher auto-negotiation is only valid with main
mode IKE. In case of aggressive mode, a specific ESP ci-
pher suite must be configured (see below).
Continued on next page
➞ 2015 Westermo Teleindustri AB
815