Configuring The Global Identity Information - HPE FlexNetwork 5510 HI Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 5510 HI Series:
- Configuration manual (572 pages) ,
- Mpls configuration manual (505 pages) ,
- Layer 3 - ip routing configuration manual (486 pages)
Table of Contents
Advertisement
Step
4.
(Optional.) Specify a local
interface or IP address to
which the IKE keychain can
be applied.
5.
(Optional.)
priority
keychain.
Configuring the global identity information
Follow these guidelines when you configure the global identity information for the local IKE:
•
The global identity can be used by the device for all IKE SA negotiations, and the local identity
(set by the local-identity command) can be used only by the device that uses the IKE profile.
•
When signature authentication is used, you can set any type of the identity information.
•
When pre-shared key authentication is used, you cannot set the DN as the identity.
To configure the global identity information:
Step
1.
Enter system view.
2.
Configure the global identity
to be used by the local end.
3.
(Optional.)
local device to always obtain
the identity information from
the
local
signature authentication.
Command
{ ipv4-address [ mask | mask-length ] |
ipv6 ipv6-address [ prefix-length ] } |
hostname host-name } key { cipher
cipher-key | simple simple-key }
In Release 1121 and later:
•
•
match local address { interface-type
interface-number | { ipv4-address |
ipv6 ipv6-address } [ vpn-instance
vpn-name ] }
Specify
a
for
the
IKE
priority number
Command
system-view
ike
{
ipv6-address } | dn | fqdn
[ fqdn-name ] | user-fqdn
[ user-fqdn-name ] }
Configure
the
ike
from-certificate
certificate
for
In
non-FIPS
pre-shared-key
{
address
{
ipv4-address
[
mask
mask-length
]
|
ipv6-address [ prefix-length ] } |
hostname host-name } key
{ cipher cipher-key | simple
simple-key }
In
FIPS
pre-shared-key
{
address
{
ipv4-address
[
mask
mask-length
]
|
ipv6-address [ prefix-length ] } |
hostname host-name } key
[cipher cipher-key ]
identity
{
address
ipv4-address
|
ipv6
signature-identity
297
Remarks
For
security
pre-shared keys, including those
configured in plain text, are
saved in cipher text to the
configuration file.
mode:
|
ipv6
mode:
|
ipv6
By default, an IKE keychain can
be applied to any local interface
or IP address.
The default priority is 100.
Remarks
N/A
By default, the IP address of the
interface to which the IPsec policy or
IPsec policy template is applied is
used as the IKE identity.
By default, the local end uses the
identity
information
local-identity or ike identity for
signature authentication.
Configure this command when the
aggressive
mode
authentication are used and the
device interconnects with a Comware
5-based peer device. Comware 5
purposes,
all
specified
by
and
signature
- Quick Links:
- Radius
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
