3Com 3C13636 Configuration Manual page 1162

3Com Router 3000 Ethernet Family
Configuration Guide
In main mode, only IP address can be taken as the ID in IKE negotiation. In aggressive
mode, however, you may use either IP address or name as the ID in IKE negotiation.
V. Specifing ID of the remote security GW
If the initiator uses its GW name in IKE negotiation (that is, id-type name is used), it
sends the name to the peer as its identity, whereas the peer uses the username
configured using the remote-name name command to authenticate the initiator. To
pass authentication, this remote name must be the same one configured using the ike
local-name command on the gateway at the initiator end.
Perform the following configuration in IKE-peer view.
Table 8-12 Specify ID of the remote security GW
Specify a remote security GW.
Remove ID of the remote security GW.
VI. Configuring IP addresses of the local and remote security GWs
During an IKE negotiation, the initiator sends its IP address as its identity to the peer if
the id-type ip command is configured. The peer then uses the address or address
range configured with the remote-address command to authenticate the initiator. To
guarantee a successful authentication, you must make sure that the IP address
configured with the local-address command on the initiator is the same address or
within the address range configured with the remote-address command.
Perform the following configuration in IKE-peer view.
Table 8-13 Configure IP address of security GWs
Configure IP address of the local
security GW
Delete IP address of the local security
GW
Configure IP address of the remote
security GW.
Delete the IP address of the remote
security GW.
Generally speaking, you do not need to configure the local-address command unless
you want to specify a special address for the local GW (such as the address of
loopback interface).
Operation
Operation
3Com Corporation
8-9
Chapter 8 IKE Configuration
Command
remote-name name
undo remote-name
Command
local-address ip-address
undo local-address
remote-address
[ ip-address2 ]
undo remote-address
ip-address1