|
Setting/Setting Confirmation
225
■
IKEv2 authentication method combined operation
In IKEv2, own device and peer device authentication must be set respectively. These authentication methods are
supported: pre-shared key authentication, EAP-MD5 authentication, and digital signature authentication.
*EAP-MD5 authentication is supported only for the side to be authenticated. Digital signature authentication is
supported only by the requester side.
The following shows the setting pattern in which IKEv2 authentication is established or not.
(1)
Authentication pattern
①
The pattern is set only by pre-shared keys.
(2) Authentication pattern
②
Pattern set with pre-shared key plus digital signature.
Own device
authentication
Authentication method:
Pre-shared key
Password: aaa
Peer device
authentication
Authentication method:
Pre-shared key
Password: aaa
Own device
authentication
Authentication method:
Pre-shared key
Password: aaa
Peer device
authentication
Authentication method:
Pre-shared key
Password: aaa
Initiator
Responder
Authentication is established as both an
Initiator and Responder (There is no
restriction on the starting direction)
Device
Device
Own device
authentication
Authentication method:
Pre-shared key
Password: aaa
Peer device
authentication
Authentication method:
digital signature
File name: test.pem
Own device
authentication
Authentication method:
digital signature
File name: test.pem
Peer device
authentication
Authentication method:
Pre-shared key
Password: aaa
Initiator
Responder
・
Place a center router that can digitally
sign
・
Authentication is established as both an
Initiator and Responder (There is no
restriction on the starting direction)
Device
Other
Device