User`s guide
187
Our ID type
This defines how the remote peer is to process the Our ID configuration.
IKE ID The Our ID parameter is a simple key ID (e.g. vpnclient1).
FQDN
The Our ID parameter is a Fully Qualified Domain Name (e.g.
vpnclient1.anycompany.com)
User FQDN
The Our ID parameter is a Fully Qualified Domain Name with a user
element (e.g. joe.bloggs@anycompany.com)
Remote ID
When Aggressive mode is On, this parameter is a string of up to 20 characters which is
used to identify the remote peer. It should contain the same text as the Our ID
parameter in the remote peer’s configuration.
When Aggressive mode is Off, this parameter must be the IP address of the remote peer.
RSA Key File
This parameter can be used to override the private key filename in the IKE configuration.
It is only used when RSA Signatures (Certificates) are being used for the authentication
stage of the IKE negotiation.
Use enc encryption on this tunnel
The ESP encryption protocol to use with this IPsec tunnel. The options are
• No (None)
• Null
• DES
• 3DES
• AES (128 bit keys)
• AES (192 bit keys)
• AES (256 bit keys)
If the dropdown options only display None and Null, the router will need Encryption
enabling. Please speak to your sales contact with regards to getting Encryption enabled.
Use auth authentication on this tunnel
The ESP authentication algorithm to use with this IPsec tunnel. The options are
• No (None)
• MD5
• SHA1
Use Diffie Hellman group
The Diffie Hellman (DH) group to use when negotiating new IPsec SAs. When used, the
IPsec SA keys cannot be predicted from any of the previous keys generated. The options
are “No PFS”, 1, 2 or 3. The larger values result in “stronger” keys but they take longer to
generate.
Use IKE n to negotiate this tunnel
The IKE version to use to negotiate this IPsec tunnel.
Use IKE configuration
The IKE configuration instance to use with this Eroute when the router is configured as an
Initiator.