IKEv1 Checking Options Fill in IKE ID payload /w something in Cert SubjectAltName and check that the two match Just present Cert, and let receiving peer’s local policy determine what they extract and use as ID Fill in ID w/ something to match IKE SPD entry on receiving peer, then use some SubjectAltName field (as defined by local policy) to do ACL lookup and IPsec SA setup |