H3C S6550X-HI Series Command Reference Manual page 2339

<Sysname> system-view
[Sysname] ikev2 profile profile1
# Specify PKI domain abc for signature. Specify PKI domain def for verification.
[Sysname-ikev2-profile-profile1] certificate domain abc sign
[Sysname-ikev2-profile-profile1] certificate domain def verify
Related commands
authentication-method
pki domain
config-exchange
Use
config-exchange
Use
undo config-exchange
Syntax
config-exchange { request | set { accept | send } }
undo config-exchange { request | set { accept | send } }
Default
Configuration exchange is disabled.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
: Enables the device to send request messages carrying the configuration request payload
request
during the IKE_AUTH exchange.
: Specifies the configuration set payload exchange.
set
: Enables the device to accept the configuration set payload carried in Info messages.
accept
: Enables the device to send Info messages carrying the configuration set payload.
send
Usage guidelines
The configuration exchange feature enables the local and remote ends to exchange configuration
data, such as gateway address, internal IP address, and route. The exchange includes data request
and response, and data push and response. The enterprise center can push IP addresses to
branches. The branches can request IP addresses, but the requested IP addresses cannot be used.
You can specify both
If you specify
data through AAA authorization.
If you specify
The device with
receive any configuration request from the peer.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
(Security Command Reference)
to enable configuration exchange.
to disable configuration exchange.
and
request
for the local end, the remote end will respond if it can obtain the requested
request
for the local end, you must specify
set send
specified pushes an IP address after the IKEv2 SA is set up if it does not
set send
for the device.
set
5
for the remote end.
set accept