As part of the IKE protocol, one security gateway needs to authenticate another security gateway to make sure that IKE SAs are established with the intended party. The router supports two authentication methods:
For digital certificate authentication, an initiator signs message interchange data using its private key, and a responder uses the initiator's public key to verify the signature. Typically, the public key is exchanged via messages containing an X.509v3 certificate. This certificate provides a level of assurance that a peer's identity—as represented in the certificate—is associated with a particular public key. E-series routers provide both an offline (manual) and an online (automatic) process when using digital certificates.
With preshared key authentication, the same secret must be configured on both security gateways before the gateways can authenticate each other.
The following sections provide information about digital certificates. For information about using preshared keys, see IKE Overview.
You can also use public keys for RSA authentication without having to obtain a digital certificate. For details, see IKE Authentication Using Public Keys Without Digital Certificates.