HP-UX IPSec version A.02.00 Administrator's Guide
Using Certificates with HP-UX IPSec
Configuring Authentication Records with IKE IDs
Chapter 4 139
-rtype remote_id_type
The remote_id_type is the ID type used to verify the ID type sent by
the remote system when negotiating an ISAKMP/MM SA. This must match
what is configured on the remote system.
You do not have to configure the remote ID type if the remote system is
an HP-UX system or a non-HP system that uses IPv4 addresses as the
ID type, and is not multihomed.
Acceptable Values: For certificate-based authentication, the
acceptable values are IPV4 (IPv4 address), FQDN (Fully Qualified Domain
Name, also known as Domain Name Server or DNS name), USER-FQDN
(User-Fully Qualified Domain Name in Simple Mail Transfer Protocol
(SMTP) format), and X500-DN (X.500 Subject Distinguished Name or DN,
encoded using OSI Abstract Syntax Notation One Distinguished
Encoding Rules, ASN.1 DER). The ID type IPV6 is not valid with
certificate-based authentication.
Default: IPV4. The ID type is based on the type of interface the IKE
daemon uses to communicate with the remote system. For
certificate-based authentication, the interface type will be IPV4.
-rid remote_id
The remote_id is the ID value used to verify the ID value sent by the
remote system when negotiating an ISAKMP/MM SA. This must match
what is configured on the remote system.
You do not have to configure the remote ID value if the remote system is
an HP-UX system or a non-HP system that uses IPv4 addresses as the
ID type, and is not multihomed.
Acceptable Values: The acceptable values depend on the remote_id_type.
For remote_id_type IPV4, remote_id is the IPv4 address in
dotted-decimal notation for the subject of the certificate (the system
associated with the certificate). This must match the certificate
SubjectAlternativeName.
For remote_id_type FQDN, remote_id is the Fully Qualified Domain
Name (FQDN), also known as Domain Name Server or DNS name, such
as myhost.hp.com. This must match the subject of the certificate.
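A pre-deployment check of an -rtype/-rid pair against the peer certificate's identity fields, for the two ID types whose matching rule is given above (IPV4 and FQDN). This is an added example, not code from the HP-UX IPSec product or this guide; check_remote_id, the layout of the cert dictionary, and the 192.0.2.10 address are assumptions made for illustration.

```python
import ipaddress
import re

# ID types the guide accepts for certificate-based authentication.
CERT_ID_TYPES = {"IPV4", "FQDN", "USER-FQDN", "X500-DN"}
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample: identity fields already extracted from a peer certificate.
SAMPLE_CERT = {"san_ipv4": ["192.0.2.10"], "subject_fqdn": "myhost.hp.com"}


def check_remote_id(rtype, rid, cert):
    """Return a list of problems for an -rtype/-rid pair (empty list = consistent).

    cert is a hypothetical dict: {"san_ipv4": [...], "subject_fqdn": "..."}.
    """
    rtype = rtype.upper()
    if rtype == "IPV6":
        return ["IPV6 is not valid with certificate-based authentication"]
    if rtype not in CERT_ID_TYPES:
        return [f"unknown remote_id_type {rtype!r}"]
    if rtype == "IPV4":
        try:
            addr = ipaddress.IPv4Address(rid)
        except ipaddress.AddressValueError:
            return [f"{rid!r} is not a dotted-decimal IPv4 address"]
        sans = {ipaddress.IPv4Address(a) for a in cert.get("san_ipv4", [])}
        if addr not in sans:
            return [f"{rid} is not in the certificate SubjectAlternativeName"]
        return []
    if rtype == "FQDN":
        name = rid.rstrip(".")
        labels = name.split(".")
        if len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
            return [f"{rid!r} is not a fully qualified domain name"]
        # DNS names compare case-insensitively.
        subject = cert.get("subject_fqdn", "").rstrip(".")
        if name.lower() != subject.lower():
            return [f"{rid} does not match the certificate subject {subject!r}"]
        return []
    # USER-FQDN and X500-DN: matching rules are not covered by this example.
    return [f"{rtype}: not checked by this example"]


if __name__ == "__main__":
    for rtype, rid in [("IPV4", "192.0.2.10"), ("IPV4", "192.0.2.11"),
                       ("FQDN", "MyHost.hp.com"), ("IPV6", "2001:db8::1")]:
        print(rtype, rid, check_remote_id(rtype, rid, SAMPLE_CERT) or "OK")
```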