Authentication Mode

As part of the IKE protocol, one security gateway needs to authenticate the other security gateway to make sure that the IKE SA is established with the intended party. The ERX router supports two authentication methods:

• Digital certificates (using RSA algorithms)

  For digital certificate authentication, an initiator signs message interchange data using his private key, and a responder uses the initiator's public key to verify the signature. Typically, the public key is exchanged via messages containing an X.509v3 certificate. This certificate provides a level of assurance that a peer's identity (as represented in the certificate) is associated with a particular public key.

  For more information, see Configuring Digital Certificates.

• Preshared keys

  With preshared key authentication mode, the same secret string (similar to a password) must be configured on both security gateways before the gateways can authenticate each other. It is not advisable to share a preshared key among multiple pairs of security gateways, because it reduces the key's security level.

  The router allows preshared keys to be up to 256 ASCII alphanumeric characters.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.