Table of Contents
Advertisement
match remote
Use
match remote
Use
undo match remote
Syntax
match remote { certificate policy-name | identity { address { { ipv4-address
[ mask | mask-length ] | range low-ipv4-address high-ipv4-address } | ipv6
{
ipv6-address
high-ipv6-address } } | fqdn fqdn-name | email email-string | key-id
key-id-string } }
undo
match
{ { ipv4-address [ mask |mask-length ] | range low-ipv4-address
high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range
low-ipv6-address
email-string | key-id key-id-string } }
Default
No matching peer ID is configured for the IKEv2 profile.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
certificate policy-name
for IKEv2 profile matching. The
control policy by its name, a case-insensitive string of 1 to 31 characters.
: Uses the specified information as the peer ID for IKEv2 profile matching. The specified
identity
information is configured on the peer by using the
•
address ipv4-address [ mask | mask-length ]
subnet address as the peer ID for IKEv2 profile matching. The value range for the
mask-length
•
address range low-ipv4-address high-ipv4-address
addresses as the peer ID for IKEv2 profile matching. The end address must be higher than the
start address.
•
address ipv6 ipv6-address [ prefix-length ]
IPv6 subnet address as the peer ID for IKEv2 profile matching. The value range for the
prefix-length
•
address ipv6 range low-ipv6-address high-ipv6-address
addresses as the peer ID for IKEv2 profile matching. The end address must be higher than the
start address.
•
fqdn fqdn-name
fqdn-name
•
email email-string
The
email-string
defined by RFC 822, such as sec@abc.com.
to configure a peer ID that an IKEv2 profile matches.
to delete a peer ID that an IKEv2 profile matches.
[
prefix-length
remote { certificate policy-name | identity { address
high-ipv6-address
: Uses the information in the peer's digital certificate as the peer ID
policy-name
argument is 0 to 32, and the default is 32.
argument is 0 to 128, and the default is 128.
: Uses the peer's FQDN as the peer ID for IKEv2 profile matching. The
argument is a case-sensitive string of 1 to 255 characters, such as www.test.com.
: Uses peer's email address as the peer ID for IKEv2 profile matching.
argument is a case-sensitive string of 1 to 255 characters in the format
]
|
range
} }
|
fqdn
argument specifies a certificate-based access
identity local
: Uses an IPv4 host address or an IPv4
: Uses an IPv6 host address or an
32
low-ipv6-address
fqdn-name |
email
command.
: Uses a range of IPv4
: Uses a range of IPv6
Advertisement
Chapters
Table of Contents
