Specifications
Altitude 4700 Series Access Point Product Reference Guide
Remote ID Type
Select the type of ID to be used for the access point end of the tunnel from the Remote ID Type drop-down menu.
• IP—Select the IP option if the remote ID type is the IP address specified as part of the tunnel.
• FQDN—Select FQDN if the remote ID type is a fully qualified domain name (such as extremenetworks.com). The setting for this field does not have to be fully qualified; however, it must match the setting for the Certificate Authority.
• UFQDN—Select this item if the remote ID type is a user unqualified email address (such as johndoe@extremenetworks.com). The setting for this field does not have to be unqualified, but it must match the setting of the field of the Certificate Authority.
Remote ID Data
If FQDN or UFQDN is selected, specify the data (either the qualified domain name or the user name) in the Remote ID Data field.
IKE Authentication Mode
Select the appropriate IKE authentication mode:
• Pre-Shared Key (PSK)—Specify an authenticating algorithm and passcode used during authentication.
• RSA Certificates—Select this option to use RSA certificates for authentication purposes. See the CA Certificates and Self certificates screens to create and import certificates into the system.
IKE Authentication Algorithm
IKE provides data authentication and anti-replay services for the VPN tunnel. Select an authentication method from the drop-down menu.
• MD5—Enables the Message Digest 5 algorithm. No keys are required to be manually provided.
• SHA1—Enables Secure Hash Algorithm. No keys are required to be manually provided.
IKE Authentication Passphrase
If you selected Pre-Shared Key as the authentication mode, you must provide a passphrase.
IKE Encryption Algorithm
Select the encryption and authentication algorithms for the VPN tunnel from the drop-down menu.
• DES—Uses the DES encryption algorithm. No keys are required to be manually provided.
• 3DES—Enables the 3DES encryption algorithm. No keys are required to be manually provided.
• AES 128-bit—Uses the Advanced Encryption Standard algorithm with a 128-bit key. No keys are required to be manually provided.
• AES 192-bit—Enables the Advanced Encryption Standard algorithm with a 192-bit key. No keys are required to be manually provided.
• AES 256-bit—Uses the Advanced Encryption Standard algorithm with a 256-bit key. No keys are required to be manually provided.
Key Lifetime
The number of seconds the key is valid. At the end of the lifetime, the key is renegotiated.
The access point forces renegotiation every 3600 seconds. There is no way to change the renegotiation value. If the IKE Lifetime is greater than 3600, the keys still get renegotiated every 3600 seconds.
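
The following Python check is an added example, not part of the product guide or the vendor's software. It applies the cross-field rules and the 3600-second forced renegotiation described above to one tunnel's settings; the dictionary keys and the strength ratings for DES, 3DES, MD5 and SHA1 are assumptions introduced here.

```python
# Added example: audit of one tunnel's IKE settings. The dict keys are
# hypothetical names chosen here; they mirror the field labels on this page.
FORCED_REKEY_SECONDS = 3600  # the access point renegotiates at this interval

# Strength ratings are an assessment added here, not statements from the guide.
WEAK_ENCRYPTION = {"DES": "56-bit key, within reach of brute force",
                   "3DES": "64-bit block, legacy cipher"}
WEAK_AUTH = {"MD5": "collision-broken hash",
             "SHA1": "collision-weak hash; strongest option this screen lists"}


def effective_key_lifetime(configured_seconds):
    """Lifetime the keys actually get: never longer than the forced rekey."""
    return min(configured_seconds, FORCED_REKEY_SECONDS)


def audit_ike_settings(cfg):
    """Return a list of (severity, message) findings for one tunnel."""
    findings = []
    # Cross-field requirements stated in the field descriptions.
    if cfg["remote_id_type"] in ("FQDN", "UFQDN") and not cfg.get("remote_id_data"):
        findings.append(("error", "Remote ID Data is required for FQDN/UFQDN"))
    if cfg["auth_mode"] == "PSK" and not cfg.get("passphrase"):
        findings.append(("error", "Pre-Shared Key mode requires a passphrase"))
    # Algorithm choices.
    enc, auth = cfg["encryption"], cfg["auth_algorithm"]
    if enc in WEAK_ENCRYPTION:
        findings.append(("warn", f"{enc}: {WEAK_ENCRYPTION[enc]}; prefer AES"))
    if auth in WEAK_AUTH:
        severity = "warn" if auth == "MD5" else "info"
        findings.append((severity, f"{auth}: {WEAK_AUTH[auth]}"))
    # A configured lifetime above the forced interval has no effect.
    if cfg["key_lifetime"] > FORCED_REKEY_SECONDS:
        findings.append(("info", f"Key Lifetime {cfg['key_lifetime']}s is clamped to "
                                 f"{FORCED_REKEY_SECONDS}s by the forced renegotiation"))
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE = {"remote_id_type": "FQDN", "remote_id_data": "",
          "auth_mode": "PSK", "passphrase": "",
          "auth_algorithm": "MD5", "encryption": "DES", "key_lifetime": 86400}

if __name__ == "__main__":
    for severity, message in audit_ike_settings(SAMPLE):
        print(f"{severity:5} {message}")
    print("effective lifetime:", effective_key_lifetime(SAMPLE["key_lifetime"]))
```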










