Specifications

4-24 WS2000 Wireless Switch System Reference Guide
3. Select the Operation Mode for IKE. The Phase I protocols of IKE are based on the ISAKMP identity-protection and aggressive exchanges. IKE main mode refers to the identity-protection exchange, and IKE aggressive mode refers to the aggressive exchange.

   Main: This is the standard IKE mode for communication and key exchange.
   Aggressive: Aggressive mode is faster and less secure than Main mode. Identities are not encrypted unless public key encryption is used. The Diffie-Hellman group cannot be negotiated; it is chosen by the initiator. Also, the authentication method cannot be negotiated if the initiator chooses to use public key encryption.

4. Select the type of ID to be used for the WS2000 end of the tunnel from the Local ID Type menu.

   IP: Select this option if the local ID type is the IP address specified as part of the tunnel.
   FQDN: Select this item if the local ID type is a fully qualified domain name (such as sj.symbol.com). The setting for this field does not have to be fully qualified, but it must match the setting of the corresponding field for the Certificate Authority.
   UFQDN: Select this item if the local ID type is a user unqualified domain name (such as johndoe@symbol.com). The setting for this field does not have to be unqualified, but it must match the setting of the corresponding field for the Certificate Authority.

5. If FQDN or UFQDN is selected, specify the data (either the qualified domain name or the user name) in the Local ID Data field.

6. Repeat steps 4 and 5 for the Remote ID Type and Remote ID Data fields.

7. Choose the authentication mode to be used with the IKE algorithm from the IKE Authentication Mode menu.

   Pre-shared key: This option requires that you specify an authentication algorithm and passcode to be used during authentication.
   RSA Certificates: Select this option to use RSA certificates for authentication purposes. See Managing Digital Certificates to create and import certificates into the system.

8. IKE provides data authentication and anti-replay services for the VPN tunnel. Select the desired authentication method from the IKE Authentication Algorithm menu.

   MD5: Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal) authentication keys.
   SHA1: Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal) keys.

9. If Pre-Shared Key is the authentication mode, provide a key in the IKE Authentication Passphrase field. If MD5 is the selected authentication algorithm, provide a 32-character hexadecimal key. If SHA1 is the selected algorithm, provide a 40-character hexadecimal key.

10. Use the IKE Encryption Algorithm menu to select the encryption and authentication algorithms for this VPN tunnel.

   DES: This option selects the DES encryption algorithm, which requires 64-bit (16-character hexadecimal) keys.
   3DES: This option selects the 3DES encryption algorithm, which requires 192-bit (48-character hexadecimal) keys. When creating keys for 3DES, the first 8 bytes cannot equal the second 8 bytes, and the second 8 bytes cannot equal the third 8 bytes.
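The key-length rules in steps 9 and 10 (32 hex characters for MD5, 40 for SHA1, 16 for DES, 48 for 3DES) and the 3DES rule that adjacent 8-byte sub-keys must differ are easy to get wrong when keys are typed by hand. The following Python helper is an added example, not code from the WS2000 guide or from the switch's firmware; it checks a candidate key against exactly those rules before the key is entered in the console. The function name validate_key and the sample keys are constructed for illustration.

```python
"""Check IKE manual keys against the length rules stated in the WS2000 guide.

Added example: validate_key and the sample keys below are constructed for
illustration and are not part of the WS2000 product or its documentation.
"""
import re
from typing import Tuple

# Required key lengths in hexadecimal characters, as stated in the guide:
# MD5 128-bit, SHA1 160-bit, DES 64-bit, 3DES 192-bit.
KEY_HEX_LENGTHS = {
    "MD5": 32,
    "SHA1": 40,
    "DES": 16,
    "3DES": 48,
}

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def validate_key(algorithm: str, key: str) -> Tuple[bool, str]:
    """Return (ok, reason); ok is True only if key satisfies the algorithm's rules."""
    alg = algorithm.upper()
    if alg not in KEY_HEX_LENGTHS:
        return False, f"unknown algorithm {algorithm!r}"
    expected = KEY_HEX_LENGTHS[alg]
    if not HEX_RE.match(key):
        return False, "key must contain only hexadecimal characters"
    if len(key) != expected:
        return False, f"{alg} key must be {expected} hex characters, got {len(key)}"
    if alg == "3DES":
        # The guide forbids k1 == k2 and k2 == k3; it says nothing about
        # k1 == k3, so two-key 3DES (k1 == k3) is accepted here as well.
        raw = bytes.fromhex(key)
        k1, k2, k3 = raw[:8], raw[8:16], raw[16:24]
        if k1 == k2:
            return False, "3DES: first 8 bytes must differ from the second 8 bytes"
        if k2 == k3:
            return False, "3DES: second 8 bytes must differ from the third 8 bytes"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample keys, one good and one bad per algorithm.
    samples = [
        ("MD5", "0123456789abcdef0123456789abcdef"),
        ("MD5", "0123456789abcdef"),                       # too short
        ("SHA1", "0123456789abcdef0123456789abcdef01234567"),
        ("SHA1", "0123456789abcdef0123456789abcdef0123456g"),  # non-hex
        ("DES", "0123456789abcdef"),
        ("3DES", "0011223344556677" "8899aabbccddeeff" "0123456789abcdef"),
        ("3DES", "0011223344556677" "0011223344556677" "0123456789abcdef"),  # k1 == k2
    ]
    for alg, key in samples:
        ok, reason = validate_key(alg, key)
        print(f"{alg:5} {key[:16]}... -> {'OK ' if ok else 'BAD'} ({reason})")
```

Run the script to see each constructed key judged; in practice the check is worth applying to both ends of the tunnel, since a key that passes on the WS2000 but was mistyped on the peer fails Phase I with little diagnostic detail.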