Configuring The Global Identity Information - H3C S5830V2 Security Configuration Manual

Step
1. Enter system view.
2. Create an IKE keychain and
enter its view.
3. Configure a pre-shared key.
4. (Optional.) Specify a local
interface or IP address that
the IKE keychain can be
applied to.
5. (Optional.) Specify a
priority for the IKE keychain.

Configuring the global identity information

Follow these guidelines when you configure the global identity information for the local IKE.
The global identity can be used by the device for all IKE SA negotiations, and the local identity (set
•
by the local-identity command) can be used only by the device that uses the IKE profile.
When signature authentication is used, you can set any type of the identity information.
•
When pre-shared key authentication is used, you cannot set the DN as the identity.
•
To configure the global identity information:
Step
1. Enter system view.
2. Configure the global identity
to be used by the local.
Command
system-view
ike keychain keychain-name
[ vpn-instance vpn-name ]
pre-shared-key { address
{ ipv4-address [ mask | mask-length ] |
ipv6 ipv6-address [ prefix-length ] } |
hostname host-name } key { cipher
cipher-key | simple simple-key }
match local address { interface-type
interface-number | { ipv4-address |
ipv6 ipv6-address } [ vpn-instance
vpn-name ] }
priority number
Command
system-view
ike identity { address
{ ipv4-address | ipv6
ipv6-address } | dn | fqdn
[ fqdn-name ] | user-fqdn
[ user-fqdn-name ] }
271
Remarks
N/A
By default, no IKE keychain
exists.
By default, no pre-shared key is
configured.
For security purposes, all
pre-shared keys, including those
configured in plain text, are
saved in cipher text to the
configuration file.
By default, an IKE keychain can
be applied to any local interface
or IP address.
The default priority is 100.
Remarks
N/A
By default, the IP address of the
interface where the IPsec policy or
IPsec policy template applies is used
as the IKE identity.