H3C S6550X-HI Series Command Reference Manual page 2325


low-ipv6-address high-ipv6-address } } [ vpn-instance vpn-instance-name ]
| fqdn fqdn-name | user-fqdn user-fqdn-name } }
Default
No peer ID is configured for IKE profile matching.
Views
IKE profile view
Predefined user roles
network-admin
Parameters
certificate policy-name: Uses the DN in the peer's digital certificate as the peer ID for IKE profile matching. The policy-name argument is a string of 1 to 31 characters.
identity: Uses the specified information as the peer ID for IKE profile matching. The specified information is configured on the peer by using the local-identity command.
address ipv4-address [ mask | mask-length ]: Uses an IPv4 host address or an IPv4 subnet address as the peer ID for IKE profile matching. The value range for the mask-length argument is 0 to 32, and the default is 32.
address range low-ipv4-address high-ipv4-address: Uses a range of IPv4 addresses as the peer ID for IKE profile matching. The end address must be higher than the start address.
address ipv6 ipv6-address [ prefix-length ]: Uses an IPv6 host address or an IPv6 subnet address as the peer ID for IKE profile matching. The value range for the prefix-length argument is 0 to 128, and the default is 128.
address ipv6 range low-ipv6-address high-ipv6-address: Uses a range of IPv6 addresses as the peer ID for IKE profile matching. The end address must be higher than the start address.
fqdn fqdn-name: Uses the peer's FQDN as the peer ID for IKE profile matching. The fqdn-name argument is a case-sensitive string of 1 to 255 characters, such as www.test.com.
user-fqdn user-fqdn-name: Uses the peer's user FQDN as the peer ID for IKE profile matching. The user-fqdn-name argument is a case-sensitive string of 1 to 255 characters, such as adc@test.com.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the specified address or addresses belong. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the address or addresses belong to the public network, do not specify this option.
Usage guidelines
When an end needs to select an IKE profile, it compares the peer's ID received with the peer IDs of its local IKE profiles. If a match is found, it uses the IKE profile with the matching peer ID for IKE negotiation.
Each IKE profile must have at least one peer ID configured. To make sure only one IKE profile is matched for a peer, do not configure the same peer ID for two or more IKE profiles. If you configure the same peer ID for two or more IKE profiles, which IKE profile is selected for IKE negotiation is unpredictable.
For an IKE profile, you can configure multiple peer IDs. A peer ID configured earlier has a higher priority.
Examples
# Create IKE profile prof1.
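The usage guidelines warn that a peer ID shared by two IKE profiles makes profile selection unpredictable. The Python sketch below is an added example, not part of the H3C manual: it audits peer IDs written in the identity syntax from the parameter list and reports collisions across profiles. The profile data is constructed, and treating overlapping subnets or ranges in the same VPN instance as a collision is an assumption that goes beyond the manual's "same peer ID" wording.

```python
import ipaddress
from itertools import combinations

# Constructed sample: profile name -> peer IDs in the identity syntax of the
# parameter list (no vpn-instance means the public network).
PROFILES = {
    "prof1": ["address 10.1.1.0 24", "fqdn www.test.com"],
    "prof2": ["address range 10.1.1.200 10.1.2.10"],
    "prof3": ["fqdn www.test.com", "address ipv6 2001:db8::1"],
    "prof4": ["address 10.1.1.0 24 vpn-instance vpn1"],
}

def parse_peer_id(text):
    """Return (kind, vpn, value); addresses become an inclusive (low, high) pair."""
    tok = text.split()
    vpn = None
    if "vpn-instance" in tok:
        i = tok.index("vpn-instance")
        vpn, tok = tok[i + 1], tok[:i]
    if tok[0] in ("fqdn", "user-fqdn"):
        return tok[0], vpn, tok[1]  # names are case-sensitive, compare as-is
    args = tok[2:] if tok[1] == "ipv6" else tok[1:]
    if args[0] == "range":
        low, high = (ipaddress.ip_address(a) for a in args[1:3])
        if high <= low:
            raise ValueError(f"end address must be higher than start: {text}")
    else:
        # A missing mask or prefix length means a host address (/32 or /128).
        net = ipaddress.ip_network("/".join(args[:2]), strict=False)
        low, high = net[0], net[-1]
    return "address", vpn, (low, high)

def overlaps(a, b):
    (kind_a, vpn_a, val_a), (kind_b, vpn_b, val_b) = a, b
    if kind_a != kind_b or vpn_a != vpn_b:
        return False
    if kind_a != "address":
        return val_a == val_b
    # Check the address family first: IPv4 and IPv6 objects do not compare.
    return (val_a[0].version == val_b[0].version
            and val_a[0] <= val_b[1] and val_b[0] <= val_a[1])

def find_conflicts(profiles):
    """List (profile, id, profile, id) for peer IDs that collide across profiles."""
    entries = [(name, pid, parse_peer_id(pid))
               for name, ids in profiles.items() for pid in ids]
    return [(n1, p1, n2, p2)
            for (n1, p1, k1), (n2, p2, k2) in combinations(entries, 2)
            if n1 != n2 and overlaps(k1, k2)]
```

Calling find_conflicts(PROFILES) on the sample returns the prof1/prof2 address overlap and the prof1/prof3 FQDN duplicate; prof4 is not reported because its subnet belongs to a different VPN instance.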
