Table of Contents
Advertisement
Usage guidelines
Only the responder can look up an IKEv2 peer by ID in IKEv2 negotiation. The initiator does not know
the peer ID when initiating the IKEv2 negotiation, so it cannot use an ID for IKEv2 peer lookup.
Examples
# Create an IKEv2 keychain named key1.
<Sysname> system-view
[Sysname] ikev2 keychain key1
# Create an IKEv2 peer named peer1.
[Sysname-ikev2-keychain-key1] peer peer1
# Specify IPv4 address 1.1.1.2 as the ID of the IKEv2 peer.
[Sysname-ikev2-keychain-key1-peer-peer1] identity address 1.1.1.2
Related commands
ikev2 keychain
peer
identity local
Use
identity local
peer during IKEv2 negotiation..
Use
undo identity local
Syntax
identity local { address { ipv4-address | ipv6 ipv6-address } | dn | email
email-string | fqdn fqdn-name | key-id key-id-string }
undo identity local
Default
No local ID is configured. The IP address of the interface to which the IPsec policy is applied is used
as the local ID.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
address { ipv4-address | ipv6 ipv6-address }
local ID.
: Uses the DN in the local certificate as the local ID.
dn
email email-string
a case-sensitive string of 1 to 255 characters in the format defined by RFC 822, such as
sec@abc.com.
fqdn fqdn-name
string of 1 to 255 characters, such as www.test.com.
key-id key-id-string
argument is a case-sensitive string of 1 to 255 characters, and is usually a vendor-specific string for
doing proprietary types of identification.
to configure the local ID, the ID that the device uses to identify itself to the
to restore the default.
: Uses an email address as the local ID. The
: Uses an FQDN as the local ID. The
: Uses the device's key ID as the local ID. The
: Uses an IPv4 or IPv6 address as the
fqdn-name
19
argument is
email-string
argument is a case-sensitive
key-id-string
Advertisement
Chapters
Table of Contents
