Pre-Shared-Key - HP FlexNetwork MSR Series Command Reference Manual

ikev2 keychain

pre-shared-key

Use pre-shared-key to configure a pre-shared key.
Use undo pre-shared-key to delete a pre-shared key.
Syntax
pre-shared-key [ local | remote ] { ciphertext | plaintext } string
undo pre-shared-key [ local | remote ]
Default
No pre-shared key exists.
Views
IKEv2 peer view
Predefined user roles
network-admin
Parameters
local: Specifies a pre-shared key for certificate signing.
remote: Specifies a pre-shared key for certificate authentication.
ciphertext: Specifies a pre-shared key in encrypted form.
plaintext: Specifies a pre-shared key in plaintext form. For security purposes, the key specified in
plaintext form will be stored in encrypted form.
string: Specifies the pre-shared key. The key is case sensitive. In non-FIPS mode, its plaintext form
is a string of 1 to 128 characters and its encrypted form is a string of 1 to 201 characters. In FIPS
mode, its plaintext form is a string of 15 to 128 characters and its encrypted form is a string of 15 to
201 characters.
Usage guidelines
If you specify the local or remote keyword, you configure an asymmetric key. If you specify neither
the local nor the remote keyword, you configure a symmetric key.
To delete a key by using the undo command, you must specify the correct key type. For example, if
you configure a key by using the pre-shared-key local command, you cannot delete the key by
using the undo pre-shared-key or undo pre-shared-key remote command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples

•

On the initiator:
# Create an IKEv2 keychain named key1.
<Sysname> system-view
[Sysname] ikev2 keychain key1
# Create an IKEv2 peer named peer1.
[Sysname-ikev2-keychain-key1] peer peer1
# Configure the symmetric plaintext pre-shared key 111-key.
[Sysname-ikev2-keychain-key1-peer-peer1] pre-shared-key plaintext 111-key
[Sysname-ikev2-keychain-key1-peer-peer1] quit
# Create an IKEv2 peer named peer2.
588