Pre-Shared-Key - H3C MSR Series Command Reference Manual

•
address range low-ipv4-address high-ipv4-address: Uses a range of IPv4 addresses as the
peer ID for IKE profile matching. The end address must be higher than the start address.
•
address ipv6 ipv6-address [ prefix-length ]: Uses an IPv6 host address or an IPv6 subnet
address as the peer ID for IKE profile matching. The prefix-length argument is in the range of 0
to 128.
•
address ipv6 range low-ipv6-address high-ipv6-address: Uses a range of IPv6 addresses as
the peer ID for IKE profile matching. The end address must be higher than the start address.
•
fqdn fqdn-name: Uses the peer's FQDN as the peer ID for IKE profile matching. The fqdn-name
argument is a case-sensitive string of 1 to 255 characters, such as www.test.com.
•
user-fqdn user-fqdn-name: Uses the peer's user FQDN as the peer ID for IKE profile matching.
The user-fqdn-name argument is a case-sensitive string of 1 to 255 characters, such as
adc@test.com.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified
address or addresses belong. The vpn-instance-name argument represents the VPN instance
name, a case-sensitive string of 1 to 31 characters. If the address or addresses belong to the public
network, do not specify this option.
Usage guidelines
When an end needs to select an IKE profile, it compares the peer's ID received with the peer IDs of
its local IKE profiles. If a match is found, it uses the IKE profile with the matching peer ID for IKE
negotiation.
Each IKE profile must have at least one peer ID configured. To make sure only one IKE profile is
matched for a peer, do not configure the same peer ID for two or more IKE profiles. If you configure
the same peer ID for two or more IKE profiles, which IKE profile is selected for IKE negotiation is
unpredictable.
For an IKE profile, you can configure multiple peer IDs. A peer ID configured earlier has a higher
priority.
Examples
# Create the IKE profile prof1.
<Sysname> system-view
[Sysname] ike profile prof1
# Configure a peer ID with the identity type of FQDN and the value of www.test.com.
[Sysname-ike-profile-prof1] match remote identity fqdn www.test.com
# Configure a peer ID with the identity type of IP address and the value of 10.1.1.1.
[Sysname-ike-profile-prof1] match remote identity address 10.1.1.1
Related commands
local-identity

pre-shared-key

Use pre-shared-key to configure a pre-shared key.
Use undo pre-shared-key to delete a pre-shared key.
Syntax
In non-FIPS mode:
pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address
[ prefix-length ] } | hostname host-name } key { cipher | simple } string
undo pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address
[ prefix-length ] } | hostname host-name }
603