beautypg.com

Ike authentication with certificates, Set of server vendor specific parameters, Configuring xauth – RCA 608WL User Manual

Page 198: Set of, Chapter 5

background image

Chapter 5

Expert Configuration

E-DOC-CTC-20041126-0013 v1.0

196

IKE Authentication with

Certificates

See

“ IKE Authentication with Certificates” on page 191

.

Set of Server Vendor

specific parameters

When for the IKE Authentication method the Preshared Key method was selected,
some Server Vendor specific fields must be filled out for the Automatic Start
mechanism.
For a generic VPN server:
You have to fill out your e-mail address. This e-mail address (User FQDN) is used as
the local identity of the VPN client.

For a Cisco VPN server:
You have to fill out the Group ID. The value should correspond with the groupname,
as configured on the Cisco VPN server with the command:

For a Nortel VPN server:

Configuring XAuth

You can optionally use the Extended Authentication protocol in combination with the
Automatic Start mechanism. Simply fill out a Username and Password in the
optional fields, and XAuth is used when the connection is established. The Username
and Password in this case act as a group key for all local terminals authorized to use
the VPN connection.

!

When building a VPN with multiple SpeedTouch™ devices configured as VPN
client at different locations, you must take care to configure a unique e-mail
address in each VPN client. The e-mail address is used by the VPN server as
an identifier to bind an IP address to the VPN client.

crypto isakmp client configuration group groupname

!

Interworking with a Nortel VPN server is possible only when IKE
Authentication is done via Certificates. Pre-shared key authentication can not
be used on an IPSec connection between a SpeedTouch™ VPN client and a
Nortel VPN server.

This manual is related to the following products: