2.2.2.10 command for IKE profile B. For peer 2.2.2.2, IKE profile A is preferred because IKE profile A
was configured earlier. To use IKE profile B for the peer, you can use this command to restrict the
application scope of IKE profile B to address 2.2.2.2.
Examples
# Create IKE profile prof1.
<Sysname> system-view
[Sysname] ike profile prof1
match remote
Use match remote to configure a peer ID for IKE profile matching.
Use undo match remote to delete a peer ID.
Syntax
match remote { certificate policy-name | identity { address { ipv4-address [ mask | mask-length ] | range
low-ipv4-address high-ipv4-address } | fqdn fqdn-name | user-fqdn user-fqdn-name } }
undo match remote { certificate policy-name | identity { address { ipv4-address [ mask | mask-length ]
| range low-ipv4-address high-ipv4-address }| fqdn fqdn-name | user-fqdn user-fqdn-name } }
Default
No peer ID is configured for IKE profile matching.
Views
IKE profile view
Predefined user roles
network-admin
Parameters
certificate policy-name: Uses the DN in the peer's digital certificate as the peer ID for IKE profile
matching. The policy-name argument is a string of 1 to 31 characters.
identity: Uses the specified information as the peer ID for IKE profile matching. The specified information
is configured on the peer by using the local-identity command.
•
address ipv4-address [ mask | mask-length ]: Uses an IPv4 host address or an IPv4 subnet address
as the peer ID for IKE profile matching. The mask-length argument is in the range of 0 to 32.
address range low-ipv4-address high-ipv4-address: Uses a range of IPv4 addresses as the peer ID
•
for IKE profile matching. The end address must be higher than the start address.
fqdn fqdn-name: Uses the peer's FQDN as the peer ID for IKE profile matching. The fqdn-name
•
argument is a case-sensitive string of 1 to 255 characters, such as www.test.com.
user-fqdn user-fqdn-name: Uses the peer's user FQDN as the peer ID for IKE profile matching. The
•
user-fqdn-name argument is a case-sensitive string of 1 to 255 characters, such as adc@test.com.
Usage guidelines
When an end needs to select an IKE profile, it matches the peer's ID received against the peer IDs of its
local IKE profiles. If a match is found, it uses the IKE profile with the peer ID for IKE negotiation.
Each IKE profile must have at least one peer ID configured.
170