Table of Contents
Advertisement
Predefined user roles
network-admin
Parameters
interface-type interface-number
interface.
ipv4-address
ipv6 ipv6-address
vpn-instance vpn-instance-name
IPv6 address belongs. The
a case-sensitive string of 1 to 31 characters. If the IPv4 or IPv6 address belongs to the public
network, do not specify this option.
Usage guidelines
Use this command to specify which address or interface can use the IKE profile for IKE negotiation.
Specify the local address configured in IPsec policy or IPsec policy template view (using the
local-address
address of the interface that uses the IPsec policy.
An IKE profile configured earlier has a higher priority. To give an IKE profile that is configured later a
higher priority, you can configure this command for the profile. For example, suppose you configured
IKE profile A before configuring IKE profile B, and you configured the
address range 2.2.2.1 2.2.2.100
identity address range 2.2.2.1 2.2.2.10
interface with the IP address 3.3.3.3 to negotiate with the peer 2.2.2.6, IKE profile A is preferred
because IKE profile A was configured earlier. To use IKE profile B, you can use this command to
restrict the application scope of IKE profile B to address 3.3.3.3.
Examples
# Create IKE profile prof1.
<Sysname> system-view
[Sysname] ike profile prof1
# Apply IKE profile prof1 to IP address 2.2.2.2.
[sysname-ike-profile-prof1] match local address 2.2.2.1
# Apply IKE profile prof1 to the interface with IP address 2.2.2.2 in VPN instance vpn1.
[sysname-ike-profile-prof1] match local address 2.2.2.2 vpn-instance vpn1
match remote
Use
match remote
Use
undo match remote
Syntax
match
remote
{ { ipv4-address [ mask | mask-length ] | range low-ipv4-address
high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range
low-ipv6-address high-ipv6-address } } [ vpn-instance vpn-instance-name ]
| fqdn fqdn-name | user-fqdn user-fqdn-name } }
undo match remote { certificate policy-name | identity { address
{ { ipv4-address [ mask | mask-length ] | range low-ipv4-address
high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range
: Specifies the IPv4 address of a local interface.
: Specifies the IPv6 address of a local interface.
vpn-instance-name
command) for this command. If no local address is configured, specify the IP
to configure a peer ID for IKE profile matching.
to delete a peer ID for IKE profile matching.
{
certificate
: Specifies a local interface. It can be any Layer 3
: Specifies the MPLS L3VPN instance to which the IPv4 or
argument represents the VPN instance name,
command for IKE profile A and the
command for IKE profile B. For the local
policy-name
30
match remote identity
match remote
|
identity
{
address
Advertisement
Chapters
Table of Contents
