TMS zl Management and Configuration Guide ST.1.0.090213
7-12
Virtual Private Networks
IPsec VPNs
The ID can be one of these:
■ An IP address
A local ID of this type should be the IP address for the interface that handles incoming VPN traffic. Similarly, a remote ID of this type should specify the remote interface to which VPN traffic is destined. The remote ID on one peer must match the local ID on the other peer.
■ A fully qualified domain name (FQDN)
A local ID of this type is typically the FQDN of the local VPN gateway. Similarly, a remote ID of this type would be the FQDN of the remote VPN gateway.
■ An email address
The IKE policy can specify an email address as the local or the remote ID. The email address does not need to be valid. It simply needs to match the ID expected or transmitted by the peer.
■ An Abstract Syntax Notation distinguished name (ASN.1 DN)
Use this type only if the IKE policy specifies certificates for the authentication method. The value is the ASN.1 DN that is associated with the certificate, for example: /CN=TMSzl.procurveu.edu.
Note If you use certificates for IKE authentication, you must specify either the DN as the identity type or you must specify a type and value of a subject alternate name that was specified when you generated the IPsec certificate request for the local endpoint.
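As an added example (not from the guide or the TMS zl software), the following Python checks a pair of peer definitions against the identity rules above: each peer's remote ID must equal the other peer's local ID, a local IP-type ID should be the address of the interface carrying VPN traffic, and an ASN.1 DN is only valid with certificate authentication. The IkePeer structure, the type labels and the case-insensitive FQDN/email comparison are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Identity types listed in the guide; the string labels are this example's own.
IP, FQDN, EMAIL, DN = "ip", "fqdn", "email", "asn1-dn"
TYPES = {IP, FQDN, EMAIL, DN}


@dataclass
class IkePeer:
    name: str
    auth: str                    # "psk" or "cert" (assumed labels)
    vpn_ifc_ip: str              # address of the interface handling VPN traffic
    local_id: Tuple[str, str]    # (type, value) this peer sends
    remote_id: Tuple[str, str]   # (type, value) this peer expects from the other side


def _norm(id_: Tuple[str, str]) -> Tuple[str, str]:
    t, v = id_
    # Assumption: FQDNs and email addresses are compared case-insensitively.
    return (t, v.strip().lower()) if t in (FQDN, EMAIL) else (t, v.strip())


def check_peer_pair(a: IkePeer, b: IkePeer) -> List[str]:
    """Return a list of configuration problems; an empty list means the IDs are consistent."""
    problems: List[str] = []
    for p in (a, b):
        for label, (t, v) in (("local", p.local_id), ("remote", p.remote_id)):
            if t not in TYPES:
                problems.append(f"{p.name}: unknown {label} ID type {t!r}")
            elif t == DN and p.auth != "cert":
                problems.append(f"{p.name}: {label} ID is an ASN.1 DN but authentication is not certificate-based")
        # A local IP-type ID should be the address of the interface that handles VPN traffic.
        if p.local_id[0] == IP and p.local_id[1] != p.vpn_ifc_ip:
            problems.append(f"{p.name}: local IP ID {p.local_id[1]} is not the VPN interface address {p.vpn_ifc_ip}")
    # The remote ID on one peer must match the local ID on the other, in both directions.
    for x, y in ((a, b), (b, a)):
        if _norm(x.remote_id) != _norm(y.local_id):
            problems.append(f"{x.name}: remote ID {x.remote_id} does not match {y.name} local ID {y.local_id}")
    return problems


if __name__ == "__main__":
    # Constructed sample peers: A identifies by interface address, B by FQDN.
    peer_a = IkePeer("A", "psk", "192.0.2.1", (IP, "192.0.2.1"), (FQDN, "gw-b.example.net"))
    peer_b = IkePeer("B", "psk", "198.51.100.1", (FQDN, "GW-B.example.net"), (IP, "192.0.2.1"))
    for line in check_peer_pair(peer_a, peer_b) or ["IDs are consistent"]:
        print(line)
```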
IKE modes. IKE phase 1 can be initiated in one of two modes:
■ Main mode
■ Aggressive mode
Main mode consists of the six messages (three exchanges) described above.