In addition to the actual authentication, the various possible VPN connections and peers must be clearly distinguished during the connection establishment. For this purpose, an IKE ID (also called an IPSec ID) is specified for each of the two sides of a connection. Each VPN connection then has a combination of its own ID and the ID of the peer.
This combination must be unique for each VPN connection. In addition, both sides of the VPN connection must be configured with the same two IDs, but with own ID and peer ID swapped relative to each other.
Every such ID also has an ID type. This ID type is sent during the connection establishment and is also compared. Many different ID types are standardized, but only a few have found use in practice:
When authenticating with a certificate, the common ID types are ID_DER_ASN1_DN (holder/subject of the certificate) and ID_FQDN (host name or Subject Alternative Name from the certificate). ID_DER_ASN1_DN is more common, but some VPN clients only work with ID_FQDN. In the Intra2net system, the ID used can be selected for the key/certificate being used, see Section 44.3, "IKE-IDs".
When authenticating with a pre-shared key, the common ID types are ID_IPV4_ADDR (external IP address of the respective side), ID_FQDN (DNS hostname of the respective side) and ID_RFC822_ADDR (any unique email address).
Intra2net recommends always using the ID_RFC822_ADDR / email type for pre-shared keys. This is because the type can be clearly identified by the "@" sign. Furthermore, such an ID cannot be associated with the IP address of the underlying connection and therefore cannot be misinterpreted that way. It does not have to be a real existing email address; it serves only for unique identification.
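The following added example (not Intra2net code) models the two constraints described above, the uniqueness of each (own ID, peer ID) combination and the swapped mirror configuration on the peer, together with the "@" rule that makes ID_RFC822_ADDR unambiguous. The IkeId type, the helper names and the sample IDs are constructed for illustration.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Tuple

class IkeId(NamedTuple):
    id_type: str   # e.g. "ID_RFC822_ADDR"; sent and compared during IKE, like the value
    value: str     # the identity as configured

def infer_id_type(value: str) -> str:
    """Derive the ID type from the textual ID (constructed helper, not an Intra2net API).
    The "@" test comes first: it is what makes the email type unambiguous."""
    if "@" in value:
        return "ID_RFC822_ADDR"
    try:
        ipaddress.IPv4Address(value)
        return "ID_IPV4_ADDR"
    except ValueError:
        pass
    if "=" in value:               # a distinguished name such as "C=DE, O=Example, CN=vpn-gw"
        return "ID_DER_ASN1_DN"
    return "ID_FQDN"

def make_id(value: str) -> IkeId:
    return IkeId(infer_id_type(value), value)

def duplicate_pairs(connections: Dict[str, Tuple[IkeId, IkeId]]) -> List[str]:
    """Names of connections whose (own ID, peer ID) combination repeats another's.
    connections maps a connection name to (own IkeId, peer IkeId)."""
    seen, dupes = {}, []
    for name, pair in connections.items():
        if pair in seen:
            dupes.append(f"{name} duplicates {seen[pair]}")
        else:
            seen[pair] = name
    return dupes

def mirrors(local: Tuple[IkeId, IkeId], remote: Tuple[IkeId, IkeId]) -> bool:
    """True if the remote side stores the same two IDs, types included, with own and peer swapped."""
    local_own, local_peer = local
    remote_own, remote_peer = remote
    return local_own == remote_peer and local_peer == remote_own

if __name__ == "__main__":
    hq, b1, b2 = make_id("hq@vpn.example"), make_id("branch1@vpn.example"), make_id("branch2@vpn.example")
    local = {"to-branch1": (hq, b1), "to-branch2": (hq, b2), "to-branch1-old": (hq, b1)}
    print(duplicate_pairs(local))                   # the third entry reuses the first pair
    print(mirrors(local["to-branch1"], (b1, hq)))   # correctly swapped on the branch side
    # Same text configured as ID_FQDN on the peer: the type comparison fails even though the string matches.
    print(mirrors(local["to-branch1"], (IkeId("ID_FQDN", "branch1@vpn.example"), hq)))
```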