Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual

53-1002517-01

Operation Mode

The Phase I protocols of IKE are based on the ISAKMP identity-protection and aggressive
exchanges. IKE main mode refers to the identity-protection exchange, and IKE aggressive
mode refers to the aggressive exchange.

Main - Standard IKE mode for communication and key exchange.

Aggressive - Aggressive mode is faster, but less secure than Main mode.
Identities are not encrypted unless public key encryption is used. The
authentication method cannot be negotiated if the initiator chooses
public key encryption.

Local ID Type

Select the type of ID to be used for the Mobility 7131 Access Point end of the SA.

IP - Select IP if the local ID type is the IP address specified as part of the
tunnel.

FQDN - Use FQDN if the local ID is a fully qualified domain name (such as
sj.brocade.com).

UFQDN - Select UFQDN if the local ID is a user fully-qualified email (such
as [email protected]).

Local ID Data

Specify the FQDN or UFQDN based on the Local ID type assigned.

Remote ID Type

Select the type of ID to be used for the Mobility 7131 Access Point end of the tunnel from
the Remote ID Type drop-down menu.

IP - Select the IP option if the remote ID type is the IP address specified
as part of the tunnel.

FQDN - Select FQDN if the remote ID type is a fully qualified domain
name (such as sj.brocade.com). The setting for this field does not have to
be fully qualified; however, it must match the setting for the Certificate
Authority.

UFQDN - Select this item if the remote ID type is a user unqualified email
address (such as [email protected]). The setting for this field does
not have to be unqualified; it just must match the setting of the field of
the Certificate Authority.

Remote ID Data

If FQDN or UFQDN is selected, specify the data (either the qualified domain name or the
user name) in the Remote ID Data field.

IKE Authentication Mode

Select the appropriate IKE authentication mode:

Pre-Shared Key (PSK) - Specify an authenticating algorithm and
passcode used during authentication.

RSA Certificates - Select this option to use RSA certificates for
authentication purposes. See the CA Certificates and Self certificates
screens to create and import certificates into the system.

IKE Authentication Algorithm

IKE provides data authentication and anti-replay services for the VPN tunnel. Select an
authentication method from the drop-down menu.

MD5 - Enables the Message Digest 5 algorithm. No keys are required to
be manually provided.

SHA1 - Enables Secure Hash Algorithm. No keys are required to be
manually provided.

IKE Authentication Passphrase

If you selected Pre-Shared Key as the authentication mode, you must provide a
passphrase.
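
The field rules above, expressed as a small audit check that compares a weak settings record with a corrected one. This is an added example, not part of the Brocade guide or its software; the dictionary keys and the 20-character passphrase minimum are assumptions for illustration, and both sample records are constructed.

```python
# Added example: audits one IKE settings record against the field rules above.
# Dictionary keys are hypothetical names for the page's fields, not a device export format.
MIN_PSK_LEN = 20  # assumption: site policy minimum, not a value from the manual

def audit_ike(cfg):
    """Return a sorted list of (severity, message) findings for one tunnel."""
    findings = []
    mode = cfg.get("operation_mode")
    auth = cfg.get("ike_auth_mode")
    algo = cfg.get("ike_auth_algorithm")

    # Local/Remote ID Data is required whenever the ID type is FQDN or UFQDN.
    for side in ("local", "remote"):
        id_type = cfg.get(f"{side}_id_type")
        if id_type not in ("IP", "FQDN", "UFQDN"):
            findings.append(("error", f"{side} ID type {id_type!r} is not IP, FQDN or UFQDN"))
        elif id_type != "IP" and not (cfg.get(f"{side}_id_data") or "").strip():
            findings.append(("error", f"{side} ID type {id_type} needs {side} ID data"))

    if mode == "Aggressive":
        # The page notes identities are not encrypted in Aggressive mode.
        findings.append(("warn", "Aggressive mode sends identities unencrypted; use Main"))
        if auth == "PSK":
            findings.append(("warn", "Aggressive mode with PSK: prefer Main mode or RSA Certificates"))

    if auth == "PSK":
        psk = cfg.get("ike_auth_passphrase") or ""
        if not psk:
            findings.append(("error", "PSK selected but no passphrase set"))
        elif len(psk) < MIN_PSK_LEN:
            findings.append(("warn", f"passphrase shorter than {MIN_PSK_LEN} characters"))

    if algo == "MD5":
        findings.append(("warn", "MD5 selected; SHA1 is the stronger of the two options"))
    return sorted(findings)

# Constructed sample records (not taken from any real device).
WEAK = {"operation_mode": "Aggressive", "local_id_type": "FQDN", "local_id_data": "",
        "remote_id_type": "IP", "ike_auth_mode": "PSK",
        "ike_auth_algorithm": "MD5", "ike_auth_passphrase": "secret"}
HARDENED = {"operation_mode": "Main", "local_id_type": "FQDN",
            "local_id_data": "ap1.example.test", "remote_id_type": "IP",
            "ike_auth_mode": "RSA Certificates", "ike_auth_algorithm": "SHA1"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ike(cfg) or "no findings")
```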