Identity Local - H3C MSR Series Command Reference Manual

Comware 7 security

Hide thumbs Also See for MSR Series:

Table of Contents

# Specify the peer IPv4 address 1.1.1.2 as the ID of the IKEv2 peer.

[Sysname-ikev2-keychain-key1-peer-peer1] identity address 1.1.1.2

Related commands

ikev2 keychain

identity local

Use identity local to configure the local ID, the ID that the device uses to identify itself to the peer

during IKEv2 negotiation..

Use undo identity local to restore the default.

identity local { address { ipv4-address | ipv6 ipv6-address } | dn | email email-string | fqdn

fqdn-name | key-id key-id-string }

undo identity local

No local ID is configured. The IP address of the interface to which the IPsec policy is applied is used

as the local ID.

IKEv2 profile view

Predefined user roles

network-admin

address { ipv4-address | ipv6 ipv6-address }: Uses an IPv4 or IPv6 address as the local ID.

dn: Uses the DN in the local certificate as the local ID.

email email-string: Uses an email address as the local ID. The email-string argument is a

case-sensitive string of 1 to 255 characters in the format defined by RFC 822, such as

sec@abc.com.

fqdn fqdn-name: Uses an FQDN as the local ID. The fqdn-name argument is a case-sensitive string

of 1 to 255 characters, such as www.test.com.

key-id key-id: Uses the device's key ID as the local ID. The key-id argument is a case-sensitive

string of 1 to 255 characters, and is usually a vendor-specific string for doing proprietary types of

identification.

Usage guidelines

Peers exchange local IDs for identifying each other in negotiation.

# Create an IKEv2 profile named profile1.

<Sysname> system-view

[Sysname] ikev2 profile profile1

# Use the IP address 2.2.2.2 as the local ID.

[Sysname-ikev2-profile-profile1] identity local address 2.2.2.2

Related commands