[prev in list] [next in list] [prev in thread] [next in thread]
List: openikev2-users
Subject: [openikev2-users] peer section in configuration file
From: alejandro_perez () dif ! um ! es (Alejandro Perez Mendez)
Date: 2006-07-10 16:15:51
Message-ID: 1152541363.22849.13.camel () diffie
[Download RAW message or body]
> hello,everyone!
Hi
> I am configuring the openikev2 in the platform of Fedora Core.
> I am focused about the peer section and anonymous section.
> But I don't kown which section should I configure?
There should be a peer section for each concrete peer (or peer group)
you desire communicate with using specific parameters.
The anonymous section is applied (if exists) to all the peers that
doesn't have a specific peer section.
> Should peer section be applied to host-host or tunnel-tunnel model?
Peer section is applied to both host-host and tunnel-tunnel depending on
the security policies. The peer section specifies the concrete
algorithms to be used, not the ipsec mode.
> And in the peer section,what is peer_id standing for,and what is the
> difference between peer_id and my_id in ike_sa section.
peer_id specifies the ID of the peer (or the IDs of the peers) matching
the concrete peer section. If the received ID of the peer (in the
IKE_AUTH exchange) doesn't math any peer section, the anonymous section
is applied.
my_id is the ID we will send to the peer in the IKE_AUTH exchange
Best regards!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic