Setting The Ike Peer Identity - Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual

ike local-identity

- Use to set the IKE local identity used for IKE security association (SA) negotiations.
- Example
  host1(config-ipsec-tunnel-profile)#ike local-identity domain-name domain1
- Use the no version to remove the specified IKE local identity.
- See ike local-identity.

Setting the IKE Peer Identity

To set the IKE peer identity values, use the ike peer-identity command. You can set the profile to accept logins from users that present one of the following:

- An asn1DN as an IKE identity type (an ASN.1-encoded distinguished name) and the user-provided IKE identity contains the substring configured for the profile.
- A userFQDN or FQDN as an IKE identity type and the domain name portion of the IKE identity matches the domain name setting for this profile. An empty string (default) means that IKE identity types of userFQDN and FQDN are not allowed for logins on this profile.
  The IKE identity type of userFQDN also carries a domain name. Users presenting this identity must also pass any restrictions set for the peer domain name for this profile before they are able to log in.
- An IP address as an IKE identity type and the IP address resides within the specified network. The default of 0.0.0.0/0 allows any peer IP address to this profile.
- A userFQDN as an IKE identity type and the username portion of the IKE identity matches the username setting for this profile. An empty string (default) means that an IKE identity type of userFQDN is not allowed for logins on this profile.

NOTE: You can also use the wildcard (*) for the username and domain name or as the first or last character in the username or domain name string.

ike peer-identity distinguished-name
ike peer-identity domain-name
ike peer-identity ip address
ike peer-identity username

- Use to set the IKE peer identity used for IKE security association (SA) negotiations.
- Example
  host1(config-ipsec-tunnel-profile)#ike peer-identity domain-name domain2
- Use the no version to remove the specified IKE peer identity.
- See ike peer-identity distinguished-name.
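The peer-identity acceptance rules described in this section, modelled in Python as an added example (not JunosE code and not part of the manual). The class, function names and sample identities are constructed; case-insensitive matching, rejecting asn1DN when no distinguished-name substring is set, and reading a pattern with * at both ends as "contains" are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PeerIdentityProfile:
    # Defaults stated on the page: empty strings reject, 0.0.0.0/0 accepts any address.
    distinguished_name: str = ""   # assumption: an unset DN substring rejects asn1DN
    domain_name: str = ""
    username: str = ""
    ip_network: str = "0.0.0.0/0"

def wildcard_match(pattern: str, value: str) -> bool:
    """'*' alone or as first/last character; an empty pattern never matches."""
    if not pattern:
        return False
    p, v = pattern.lower(), value.lower()  # assumption: case-insensitive compare
    if p == "*":
        return True
    if p.startswith("*") and p.endswith("*"):  # assumption: both ends means "contains"
        return p[1:-1] in v
    if p.startswith("*"):
        return v.endswith(p[1:])
    if p.endswith("*"):
        return v.startswith(p[:-1])
    return p == v

def accepts(profile: PeerIdentityProfile, id_type: str, value: str) -> bool:
    if id_type == "asn1DN":
        dn = profile.distinguished_name
        return bool(dn) and dn in value
    if id_type == "FQDN":
        return wildcard_match(profile.domain_name, value)
    if id_type == "userFQDN":
        # userFQDN must pass both the username and the domain-name restriction.
        user, _, domain = value.partition("@")
        return (wildcard_match(profile.username, user)
                and wildcard_match(profile.domain_name, domain))
    if id_type == "ipv4":
        return ipaddress.ip_address(value) in ipaddress.ip_network(profile.ip_network)
    return False

# Constructed sample profiles and identities (not from the manual).
DEFAULTS = PeerIdentityProfile()
SCOPED = PeerIdentityProfile(domain_name="*.example.net", username="*",
                             ip_network="192.0.2.0/24")

if __name__ == "__main__":
    for prof, t, v in [(DEFAULTS, "ipv4", "198.51.100.7"), (SCOPED, "ipv4", "198.51.100.7"),
                       (SCOPED, "userFQDN", "alice@vpn.example.net")]:
        print(t, v, accepts(prof, t, v))
```

In this model the all-defaults profile accepts any peer that identifies by IP address, so restricting the IP network is the setting that changes the outcome for the first sample.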
Chapter 6: Configuring Dynamic IPSec Subscribers
Configuring IPSec Tunnel Profiles
This manual is also suitable for:

Junose 11.1.x ip services, Junose v 11.1
