Nortel Networks 620 User Manual

Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
Remote ID (Filter) Type and Remote ID Filter:
The Remote ID Filter identifies the VPN client during the Phase 1 negotiation. 
This identity is used as a filter for VPN clients when they join the VPN. Its value 
must match the settings in the VPN client in order to successfully set up the 
IKE Security Association. The identity types supported in the SpeedTouch™ 
are listed in the table below.
A SpeedTouch™ VPN client identifies itself with a userfqdn in the form of a 
unique e-mail address, when generic is selected for the Server Vendor. In 
order to make the configuration of the VPN server independent of the number 
of VPN clients, wildcards can be used, as shown in the identity type table. For 
example, *.corporate.net will match with any e-mail address in the domain 
corporate.net.
Page layout for certificate authentication
When you click Use Certificate Authentication, the IKE Authentication area of the 
page is updated in the following way:
IKE Authentication: Certificate parameters
When you select Use Certificate Authentication, you have to fill out the 
Distinguished Name of the local and remote Certificates.
Identity type                      Keyword    Examples
IP address                         addr       10.0.0.1
                                              0.0.0.0 (any address accepted)
Fully qualified domain name        fqdn       sales.corporate.net
User fully qualified domain name   userfqdn   *@corporate.net
Distinguished name                 dn         dc=corpor,uid=user
Key identity                       keyid      myid
Any ID type accepted               any        -
If you encounter problems during the IKE negotiations, use the Debug > Logging 
page to verify that the Identity Type and Identity of VPN client and server 
correspond with each other.
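
The check described above, comparing the identity type and identity a VPN client presents with the Remote ID filter on the server, can be rehearsed offline. The following Python sketch is an added example, not code from the manual or from the device; the function name check_remote_id and its matching rules (glob-style wildcard, case-insensitive names, exact comparison for dn and keyid) are assumptions for illustration.

```python
import fnmatch
import ipaddress

# Identity type keywords from the table on this page.
ID_TYPES = ("addr", "fqdn", "userfqdn", "dn", "keyid", "any")

def check_remote_id(filter_type, filter_value, peer_type, peer_value):
    """Compare a peer's Phase 1 identity with a Remote ID filter.

    Returns (accepted, reason). The matching rules are assumptions for
    illustration, not the device's implementation: types must be equal
    unless the filter type is 'any', '*' is a glob wildcard, names are
    case-insensitive, and dn/keyid values must be identical.
    """
    if filter_type not in ID_TYPES or peer_type not in ID_TYPES[:-1]:
        return False, "unknown identity type"
    if filter_type == "any":
        return True, "filter accepts any ID type"
    if filter_type != peer_type:
        return False, f"type mismatch: filter={filter_type}, peer={peer_type}"
    if filter_type == "addr":
        try:
            want = ipaddress.ip_address(filter_value)
            got = ipaddress.ip_address(peer_value)
        except ValueError:
            return False, "invalid IP address"
        if want.is_unspecified:          # 0.0.0.0: any address accepted
            return True, "filter accepts any address"
        return (True, "address match") if want == got else (False, "address mismatch")
    if filter_type in ("fqdn", "userfqdn"):
        # fnmatchcase matches the whole string, so a suffix cannot be appended.
        ok = fnmatch.fnmatchcase(peer_value.lower(), filter_value.lower())
        return (True, "name match") if ok else (False, "name mismatch")
    ok = filter_value == peer_value      # dn, keyid
    return (True, "exact match") if ok else (False, "value mismatch")

# Constructed sample identities, as a VPN client might present them.
SAMPLES = [
    ("userfqdn", "alice@corporate.net"),
    ("userfqdn", "alice@corporate.net.example.org"),
    ("fqdn", "sales.corporate.net"),
]

if __name__ == "__main__":
    for peer_type, peer_value in SAMPLES:
        print(peer_type, peer_value,
              check_remote_id("userfqdn", "*@corporate.net", peer_type, peer_value))
```

A filter of type any, an addr filter of 0.0.0.0, or a broad wildcard accepts every peer identity of that kind, so with such a filter the identity check no longer narrows which clients can complete Phase 1.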