hmSec2VpnConnIkeAuthRemId
HMSECURITY2-MIB
.1.3.6.1.4.1.248.52.1.13.1.2.3.1.19
Object
column
r/w
OctetString
Remote peer identifier to be compared with ID
payload during negotiation. The ID payload is
used to identify the initiator of the security
association. The identity is used by the
responder to determine the correct host system
security policy requirement for the association
(see RFC 2407, section 4.6.2 for details when
using IKEv1 and RFC 4306, section 3.5 for IKEv2).
Allowed formats for this entry depend on
'hmSec2VpnConnIkeAuthRemType':
o any: don't care
o ipaddr: IPv4 address
o keyid: key identifier
o fqdn: fully qualified domain name
o email: fully qualified RFC 822 email address
o asn1dn: X.500 distinguished name (DN)
If 'hmSec2VpnConnIkeAuthRemType' is 'asn1dn':
o and 'hmSec2VpnConnIkeAuthRemId' is a character
string, then a typical X.500 distinguished name
syntax has to be used (e.g. CN=XY-D,C=DE,L=NT,
ST=BW,O=COMPANY,OU=DEV,E=testuser@company.com);
o and 'hmSec2VpnConnIkeAuthRemId' is a hex string with prefix 0x,
then the associated distinguished name must be
DER encoded (see RFC 2459);
o and 'hmSec2VpnConnIkeAuthRemId' is empty, then
the distinguished name from the certificate in
'hmSec2VpnConnIkeAuthCertRemote' is used here;
o then the subject from the received certificate (remote
peer distinguished name) is compared against this
value.
Context
- MIB: HMSECURITY2-MIB
- OID: .1.3.6.1.4.1.248.52.1.13.1.2.3.1.19
- Type: column
- Access: readwrite
- Status: current
- Parent: hmSec2VpnConnEntry
Syntax
OctetString
Values & Constraints
No enumerated values or constraints recorded.