Ike Identity - H3C MSR Series Command Reference Manual

Comware 7 security

Examples
# Configure DPD to be triggered every 10 seconds, with 5 seconds between retries if the peer
does not respond.
<Sysname> system-view
[Sysname] ike dpd interval 10 retry 5 on-demand
Related commands
dpd

ike identity

Use ike identity to specify the global identity used by the local end during IKE negotiations.
Use undo ike identity to restore the default.
Syntax
ike identity { address { ipv4-address | ipv6 ipv6-address } | dn | fqdn [ fqdn-name ] | user-fqdn
[ user-fqdn-name ] }
undo ike identity
Default
The IP address of the interface where the IPsec policy applies is used as the IKE identity.
Views
System view
Predefined user roles
network-admin
Parameters
address { ipv4-address | ipv6 ipv6-address }: Uses an IPv4 or IPv6 address as the identity.
dn: Uses the DN in the digital signature as the identity.
fqdn fqdn-name: Uses the FQDN name as the identity. The fqdn-name argument is a case-sensitive
string of 1 to 255 characters, for example, www.test.com. If you do not specify this argument, the
device name configured by using the sysname command is used as the local FQDN.
user-fqdn user-fqdn-name: Uses the user FQDN name as the identity. The user-fqdn-name
argument is a case-sensitive string of 1 to 255 characters, for example, abc@test.com. If you do not
specify this argument, the device name configured by using the sysname command is used as the
user FQDN.
Usage guidelines
The global identity set by the ike identity command can be used for all IKE SA negotiations. The
local identity set by the local-identity command for an IKE profile can be used only for IKE SA
negotiations that use that IKE profile.
If the local authentication method is signature authentication, you can set an identity of any type. If
the local authentication method is pre-shared key authentication, you cannot set the DN as the
identity.
The ike signature-identity from-certificate command sets the local device to always use the
identity information obtained from the local certificate for signature authentication. If the ike
signature-identity from-certificate command is not set, the local-identity command configuration,
if configured, takes precedence over the ike identity command configuration.
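The precedence rules above determine which identity a peer actually sees, so they are worth checking against a saved configuration. The following Python example is added here and is not part of the H3C manual: it resolves the effective identity for one negotiation and flags the DN restriction for pre-shared key authentication. The sample configuration, the ike profile view name, the auth parameter, and the reading that from-certificate affects only signature authentication are assumptions.

```python
# Constructed sample config (not from the manual). "ike profile" is assumed
# as the view in which the page's local-identity command is entered.
SAMPLE = """\
sysname RouterA
ike signature-identity from-certificate
ike identity fqdn
ike profile branch
 local-identity address 2.2.2.2
ike profile hq
"""

def parse(config):
    """Collect identity-related settings from Comware-style config text."""
    st = {"sysname": None, "from_cert": False, "global": None, "profiles": {}}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # an unindented line is back in system view
        if line.startswith("sysname "):
            st["sysname"] = line.split(None, 1)[1]
        elif line == "ike signature-identity from-certificate":
            st["from_cert"] = True
        elif line.startswith("ike identity "):
            st["global"] = line.split()[2:]
        elif line.startswith("ike profile "):
            current = line.split()[2]
            st["profiles"][current] = None
        elif line.startswith("local-identity ") and current:
            st["profiles"][current] = line.split()[1:]
    return st

def effective_identity(st, profile, auth):
    """Return (type, value, source); auth is "signature" or "pre-share"
    and is supplied by the caller (hypothetical parameter)."""
    if auth == "signature" and st["from_cert"]:
        return ("certificate", None, "ike signature-identity from-certificate")
    words, source = st["profiles"].get(profile), "local-identity"
    if not words:
        words, source = st["global"], "ike identity"
    if not words:
        return ("address", None, "default: IPsec policy interface address")
    kind, value = words[0], (words[-1] if len(words) > 1 else None)
    if kind == "dn" and auth == "pre-share":
        raise ValueError(source + ": DN identity cannot be used with pre-shared key")
    if kind in ("fqdn", "user-fqdn") and value is None:
        value, source = st["sysname"], source + " (sysname fallback)"
    return (kind, value, source)
```

With the sample configuration, profile hq under pre-shared key authentication resolves to the FQDN RouterA, because ike identity fqdn was entered without a name and the device name is used instead.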
Examples
# Set the IP address 2.2.2.2 as the identity.