WAN Configuration 4-19
4. Select the type of ID to be used for the WS 2000 end of the tunnel from the Remote ID Type menu.
5. If FQDN or UFQDN are selected, specify the data (either the qualified domain name or the user name) in the Local ID
Data field.
6. Repeat steps 4 and 5 for the Remote ID Type and Remote ID Data fields.
7. Choose the authentication mode to be used with the IKE algorithm from the IKE Authentication Mode menu.
8. IKE provides data authentication and anti-replay services for the VPN tunnel. Select the desired authentication methods
from the IKE Authentication Algorithm menu.
9. If Pre-Shared Key is the authentication mode, provide a key in the IKE Authentication Passphrase field. If MD5 is
the selected authentication algorithm, provide a 32-character hexadecimal key. If SHA1 is the selected algorithm,
provide a 40-character hexadecimal key.
10. Use the IKE Encryption Algorithm menu to select the encryption and authentication algorithms for this VPN tunnel.
11. Specify a Key Lifetime, which is the number of seconds that the key is valid. At the end of the lifetime, the key is
renegotiated between the two parties.
IP Select this option if the local ID type is the IP address specified as part of the tunnel.
FQDN Select this item if the local ID type is a fully qualified domain name (such as sj.symbol.com). The set-
ting for this field does not have to be fully qualified, it just must match the setting of the field for the
Certificate Authority.
UFQDN Select this item if the local ID type is a user unqualified domain name (such as johndoe@sym-
bol.com). The setting for this field does not have to be unqualified, it just must match the setting of
the field of the Certificate Authority.
Pre-shared key This option requires that you specify an authentication algorithm and passcode to be used
during authentication.
RSA Certificates Select this option to use RSA certificates for authentication purposes. See Managing Digital
Certificates to create and import certificates into the system.
MD5 Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal)
authentication keys.
SHA1 Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal) keys.
DES This options selects the DES encryption algorithm, which requires 64-bit (16-character hexadeci-
mal) keys.
3DES This option selects the 3DES encryption algorithm, which requires 192-bit (48-character hexadec-
imal) keys. When creating keys for 3DES, the first 8 bytes cannot equal the second 8 bytes, and
the second 8 bytes cannot equal the third 8 bytes.
AES 128-bit This options selects the Advanced Encryption Standard algorithm in use with 128-bit (32-charac-
ter hexadecimal) keys.
AES 192-bit This options selects the Advanced Encryption Standard algorithm in use with 192-bit (48-charac-
ter hexadecimal) keys.
AES 256-bit This options selects the Advanced Encryption Standard algorithm in use with 256-bit (64-charac-
ter hexadecimal) keys.