Configuring An Ikev2 Keyring - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual

•
If no IKEv2 policy is configured, IKEv2 uses the system predefined IKEv2 policy default.
You can configure multiple IKEv2 policies. A policy configured earlier has a higher priority.
To configure an IKEv2 policy:
Step
1. Enter system view.
2. Create an IKEv2 policy and
enter IKEv2 policy view.
3. Specify the IKEv2 proposals.
4. Specify the local address
used for IKEv2 policy
matching.

Configuring an IKEv2 keyring

An IKEv2 keyring specifies the pre-shared keys used for IKEv2 negotiation. An IKEv2 keyring might
have multiple peers. Each peer has a symmetric or asymmetric pre-shared key, and an argument for
identifying the peer (such as the peer's host name, IP address or address range, or ID). An IKEv2
negotiation initiator uses the peer host name or IP addresses/address range as the matching
criterion to search for a peer. A responder uses the peer host IP address, address range, or ID as the
matching criterion to search for a peer.
To configure an IKEv2 keyring:
Step
1. Enter system view.
2. Create an IKEv2 keyring
and enter IKEv2 keyring
view.
3. Create an IKEv2 peer and
enter IKEv2 peer view.
Command
system-view
ikev2 policy policy-name
proposal proposal-name&<1-6>
match address local
{ ipv4-address | ipv6
ipv6-address }
Command
system-view
ikev2 keyring keyring-name
peer peer-name
224
Remarks
N/A
By default, the device has a
system predefined IKEv2 policy
named default. This policy uses
the default IKEv2 proposal and
matches any local address.
By default, a non-system
predefined IKEv2 policy
references no IKEv2 proposal.
A proposal specified earlier has a
higher priority.
Optional.
By default, no local address is
used for IKEv2 policy matching,
and the policy matches any local
address.
An IKEv2 policy might have
multiple local IP addresses for
policy matching.
Remarks
N/A
By default, no IKEv2 keyring
exists.
By default, no IKEv2 peer exists.