H3C S6550X-HI Series Command Reference Manual page 2297

Views
IKE proposal view
Predefined user roles
network-admin
Parameters
dsa-signature
pre-share
: Specifies the RSA digital envelope authentication method.
rsa-de
rsa-signature
Usage guidelines
Preshared key authentication does not require certificates as signature authentication does, and it is
usually used on a simple network.
Signature authentication provides higher security, and it is usually deployed on a large-scale network,
such as a network with many branches.
On a network with many branches, using preshared key authentication requires the headquarters to
configure a preshared key for each branch. Using signature authentication only requires the
headquarters to configure one PKI domain.
The digital envelope authentication method is supported only in IKEv1 and must be used if the
device is subject to China OSCCA regulations.
Authentication methods configured on both IKE ends must match.
If you specify the RSA or DSA signature authentication method, you must configure the IKE peer to
obtain certificates from a CA.
If you specify the preshared key authentication method, you must configure the same preshared key
on both IKE ends.
Examples
# Specify the preshared key authentication method for IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] authentication-method pre-share
Related commands
display ike proposal
ike keychain
pre-shared-key
certificate domain
Use
certificate domain
Use
undo certificate domain
Syntax
certificate domain domain-name
undo certificate domain domain-name
: Specifies the DSA signature authentication method.
: Specifies the preshared key authentication method.
: Specifies the RSA signature authentication method.
to specify a PKI domain for signature authentication.
to remove a PKI domain for signature authentication.
3