372
Views
IKE profile view
Predefined user roles
network-admin
Parameters
address { ipv4-address | ipv6 ipv6-address }: Uses an IPv4 or IPv6 address as the local ID.
dn: Uses the DN in the local certificate as the local ID.
fqdn fqdn-name: Uses an FQDN as the local ID. The fqdn-name argument is a case-sensitive string of 1
to 255 characters, such as www.test.com. If you do not specify this argument, the device name
configured by using the sysname command is used as the local FQDN.
user-fqdn user-fqdn-name: Uses a user FQDN as the local ID. The user-fqdn-name argument is a
case-sensitive string of 1 to 255 characters, such as adc@test.com. If you do not specify this argument,
the device name configured by using the sysname command is used as the user FQDN.
Usage guidelines
An IKE profile can have only one local ID.
For digital signature authentication, the device can use any type of ID. If the local ID is an IP address that
is different from the IP address in the local certificate, the device uses its FQDN (the device name
configured by using the sysname command) instead.
For pre-shared key authentication, the device can use any type of ID other than the DN.
An IKE profile with no local ID specified uses the local ID configured by using the ike identity command
in system view.
Examples
# Set the local ID to IP address 2.2.2.2.
<Sysname> system-view
[Sysname] ike profile prof1
[Sysname-ike-profile-prof1] local-identity address 2.2.2.2
Related commands
• match remote
• ike identity
match local address (IKE keychain view)
Use match local address to specify a local interface or IP address to which an IKE keychain can be
applied.
Use undo match local address to restore the default.
Syntax
match local address { interface-type interface-number | { ipv4-address | ipv6 ipv6-address }
[ vpn-instance vpn-name ] }
undo match local address
Default
An IKE keychain can be applied to any local interface or IP address.
To Next Page
Loading...
Need help?
General
