Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
4.4.4 Configuring an IKE Peer
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ike peer peer-name [ v1 | v2 ]
An IKE peer is created and the IKE peer view is displayed.
Step 3 (Optional) Run:
exchange-mode { main | aggressive }
The IKE negotiation mode is configured.
In aggressive mode, the local ID type must be set to ip or name in step 5. In main mode, the
local ID type must be set to ip.
Step 4 (Optional) Run:
ike-proposal proposal-number
An IKE proposal is configured.
Step 5 (Optional) Run:
local-id-type { ip | name }
The local ID type is configured.
By default, the IP address of the local end is used as the local ID.
Step 6 (Optional) Run:
local-address address
The IP address of the local end is configured.
By default, the local end address is the IP address of the interface bound to the IPSec policy.
Step 7 (Optional) Run:
peer-id-type { ip | name }
The peer ID type is configured.
By default, the IP address of the local end is used as the local ID.
The peer-id-type command is valid only when IKEv2 is used.
Step 8 (Optional) Run:
nat traversal
NAT traversal is enabled.
When NAT traversal is enabled, local-id-type must be set to name.
Step 9 (Optional) Run:
pre-shared-key key-string
The pre-shared key used by the local end and remote peer is configured.
Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
123
Advertisement
Table of Contents
