Table of Contents
Advertisement
: Specifies the remote host name, a case-insensitive string of 1 to 253 characters. The
hostname
host name can be resolved to an IP address by the DNS server.
ipv4-address
ipv6-address
Usage guidelines
This remote IP address configuration is required on the IKE negotiation initiator and optional on the
responder if the responder uses an IPsec policy template.
A manual IPsec policy does not support DNS. Therefore, you must specify a remote IP address
rather than a remote host name for the manual IPsec policy.
If you configure a remote host name, make sure the local end can always resolve the host name into
the latest IP address of the remote end.
•
If a DNS server is used for resolution, the local end queries the remote IP address again from
the DNS server after the previously cached remote IP address expires. This mechanism
ensures that the local end can always obtain the latest remote IP address.
•
If a static DNS entry is used for resolution, you must reconfigure the
command whenever the remote IP address changes. Without the reconfiguration, the local end
cannot obtain the latest remote IP address.
For example, the local end has a static DNS entry which maps the host name test to the IP address
1.1.1.1. Configure the following commands:
# Configure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.
[
]
Sysname
[
Sysname-ipsec-policy-isakmp-policy1-1
# Change the IP address for the host test to 2.2.2.2.
[
]
Sysname
In this case, you must reconfigure the remote host name for the IPsec policy policy1 so that the local
end can obtain the latest IP address of the remote host.
# Reconfigure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.
[
]
Sysname
[
Sysname -ipsec-policy-isakmp-policy1-1
Examples
# Specify remote IP address 10.1.1.2 for the IPsec tunnel.
<Sysname> system-view
[
]
Sysname
[
Sysname-ipsec-policy-manual-policy1-10
Related commands
(Layer 3—IP Services Command Reference)
ip host
local-address
reset ipsec sa
Use
reset ipsec sa
Syntax
reset ipsec sa [ { ipv6-policy | policy } policy-name [ seq-number ] | profile
policy-name
{ ipv4-address | ipv6 ipv6-address } { ah | esp } spi-num ]
: Specifies a remote IPv4 address.
: Specifies a remote IPv6 address.
ipsec policy policy1 1 isakmp
ip host test 2.2.2.2
ipsec policy policy1 1 isakmp
ipsec policy policy1 10 manual
to clear IPsec SAs.
| remote { ipv4-address | ipv6
]
remote-address test
]
remote-address test
]
remote-address 10.1.1.2
49
remote-address
ipv6-address } | spi
Advertisement
Chapters
Table of Contents
