Distinguished name support in IPSec

The IKE identification (IKE ID) is used for validation of VPN peer devices during IKE negotiation. The IKE ID received by device from a remote peer can be an IPv4 or an IPv6 address, a hostname, a fully qualified domain name (FQDN), or a distinguished name (DN). The IKE ID sent by the remote peer needs to match what is expected by the router. Otherwise, IKE ID validation fails and the VPN is not established. A distinguished name (DN) is a name used with digital certificates to uniquely identify a user.You can use a container keyword to specify the order of the fields in a distinguished name and their values must exactly match the configured distinguished name, or use a wildcard keyword to specify that the values of fields must match but the order of the fields does not matter.