Configuring The Global Identity Information - HP FlexNetwork 10500 Series Security Configuration Manual


Step 3. Configure a pre-shared key.
  Command:
    In non-FIPS mode:
    pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key { cipher cipher-key | simple simple-key }
    In FIPS mode:
    pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key [ cipher cipher-key ]
  Remarks:
    By default, no pre-shared key is configured.
    For security purposes, all pre-shared keys, including those configured in plain text, are saved in cipher text to the configuration file.

Step 4. (Optional.) Specify a local interface or IP address to which the IKE keychain can be applied.
  Command:
    match local address { interface-type interface-number | { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-name ] }
  Remarks:
    By default, an IKE keychain can be applied to any local interface or IP address.

Step 5. (Optional.) Specify a priority for the IKE keychain.
  Command:
    priority number
  Remarks:
    The default priority is 100.

Configuring the global identity information

Follow these guidelines when you configure the global identity information for the local IKE:
• The global identity can be used by the device for all IKE SA negotiations, and the local identity (set by the local-identity command) can be used only by the device that uses the IKE profile.
• When signature authentication is used, you can set any type of the identity information.
• When pre-shared key authentication is used, you cannot set the DN as the identity.

To configure the global identity information:

Step 1. Enter system view.
  Command:
    system-view
  Remarks:
    N/A

Step 2. Configure the global identity to be used by the local end.
  Command:
    ike identity { address { ipv4-address | ipv6 ipv6-address } | dn | fqdn [ fqdn-name ] | user-fqdn [ user-fqdn-name ] }
  Remarks:
    By default, the IP address of the interface to which the IPsec policy or IPsec policy template is applied is used as the IKE identity.

Step 3. (Optional.) Configure the local device to always obtain the identity information from the local certificate for signature authentication.
  Command:
    ike signature-identity from-certificate
  Remarks:
    By default, the local end uses the identity information specified by local-identity or ike identity for signature authentication.
    Configure this command when the aggressive mode and signature authentication are used and the device interconnects with a Comware 5-based peer device. Comware 5 supports only DN for signature authentication.
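
The following is an added example, not taken from the HP manual: a small Python check that lints a staged IKE command script against the rules stated above (no "simple" key form in FIPS mode, no DN identity with pre-shared keys, keychains left applicable to any local address, default priority 100). It assumes keychain view is entered with the Comware 7 command "ike keychain keychain-name", which is not shown on this page, and it treats the presence of a pre-shared key as an indicator of pre-shared key authentication; the sample script and rule names are constructed.

```python
# Added example (not from the manual). SAMPLE is constructed: names, addresses and keys are made up.
SAMPLE = """\
system-view
ike identity dn
ike keychain branch-a
 pre-shared-key address 192.0.2.10 255.255.255.255 key simple Example-Key-1
 match local address 198.51.100.1
 priority 10
 quit
ike keychain branch-b
 pre-shared-key hostname peer.example.net key cipher $c$3$constructed
"""

def audit(script, fips=False):
    """Return (keychains, findings); findings are (rule, subject) tuples."""
    keychains, findings = {}, []
    current = name = identity = None
    for raw in script.splitlines():
        words = raw.split()
        if words[:2] == ["ike", "keychain"] and len(words) >= 3:
            name = words[2]
            # Defaults per the manual: any local address, priority 100.
            current = keychains.setdefault(
                name, {"psk": 0, "scoped": False, "priority": 100})
        elif words[:2] == ["ike", "identity"] and len(words) >= 3:
            identity, current = words[2], None
        elif words[:1] in (["ike"], ["quit"]):
            current = None  # left keychain view
        elif current is None:
            continue
        elif words[:1] == ["pre-shared-key"]:
            current["psk"] += 1
            if " key simple " in raw:
                # FIPS syntax has no 'simple'; otherwise the key is readable in the script.
                rule = "simple-key-in-fips" if fips else "plaintext-key-in-script"
                findings.append((rule, name))
        elif words[:3] == ["match", "local", "address"]:
            current["scoped"] = True
        elif words[:1] == ["priority"] and words[-1].isdigit():
            current["priority"] = int(words[-1])
    for kc_name, kc in keychains.items():
        if not kc["scoped"]:
            findings.append(("unscoped-keychain", kc_name))
    # Heuristic: a configured pre-shared key is taken to mean PSK authentication.
    if identity == "dn" and any(kc["psk"] for kc in keychains.values()):
        findings.append(("dn-identity-with-psk", "global"))
    return keychains, findings

if __name__ == "__main__":
    print(audit(SAMPLE)[1])
```
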
