Setting The Ike Peer Identity; Appending A Domain Suffix To A Username - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

Software for e series broadband services routers ip services configuration guide

ike peer-identity distinguished-name
ike peer-identity domain-name
ike peer-identity ip address
ike peer-identity username

Appending a Domain Suffix to a Username

Copyright © 2010, Juniper Networks, Inc.

Setting the IKE Peer Identity

To set the IKE peer identity values, use the ike peer-identity command. You can set the
profile to accept logins from users that present one of the following:
• An asn1DN as an IKE identity type (an ASN.1-encoded distinguished name) and the
  user-provided IKE identity contains the substring configured for the profile.
• A userFQDN or FQDN as an IKE identity type and the domain name portion of the IKE
  identity matches the domain name setting for this profile. An empty string (default)
  means that IKE identity types of userFQDN and FQDN are not allowed for logins on
  this profile.
  The IKE identity type of userFQDN also carries a domain name. Users presenting this
  identity must also pass any restrictions set for the peer domain name for this profile
  before they are able to log in.
• An IP address as an IKE identity type and the IP address resides within the specified
  network. The default of 0.0.0.0/0 allows any peer IP address to this profile.
• A userFQDN as an IKE identity type and the username portion of the IKE identity matches
  the username setting for this profile. An empty string (default) means that an IKE
  identity type of userFQDN is not allowed for logins on this profile.

NOTE: You can also use the wildcard (*) for the username and domain
name or as the first or last character in the username or domain name
string.

• Use to set the IKE peer identity used for IKE security association (SA) negotiations.
• Example
  host1(config-ipsec-tunnel-profile)#ike peer-identity domain-name domain2
• Use the no version to remove the specified IKE peer identity.
• See ike peer-identity distinguished-name.
• See ike peer-identity domain-name.
• See ike peer-identity ip address.
• See ike peer-identity username.
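
The following Python model is an added example, not Juniper code: it applies the acceptance rules this section describes, including the stated defaults, and lists the settings that leave a profile unrestricted. The class and function names, the "ipAddress" label, case-sensitive comparison, treating the whole FQDN as its domain name portion, and treating an unset distinguished-name substring as matching nothing are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Profile:
    """Model of one tunnel profile's peer-identity settings (names are hypothetical)."""
    dn_substring: str = ""       # page gives no default; empty is assumed to match nothing
    domain_name: str = ""        # "" (default): FQDN and userFQDN logins not allowed
    username: str = ""           # "" (default): userFQDN logins not allowed
    network: str = "0.0.0.0/0"   # default: any peer IP address is accepted

def wildcard_match(pattern: str, value: str) -> bool:
    """'*' alone, or as the first or last character, as the NOTE describes."""
    if not pattern:
        return False
    if pattern == "*":
        return True
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return value == pattern      # assumption: exact, case-sensitive comparison

def accepts(p: Profile, id_type: str, identity: str) -> bool:
    """Return True if the profile would accept a login presenting this IKE identity."""
    if id_type == "asn1DN":
        return bool(p.dn_substring) and p.dn_substring in identity
    if id_type == "FQDN":        # assumption: the whole FQDN is the domain name portion
        return wildcard_match(p.domain_name, identity)
    if id_type == "userFQDN":    # user@domain: username and domain name must both pass
        user, sep, domain = identity.rpartition("@")
        return (bool(sep) and wildcard_match(p.username, user)
                and wildcard_match(p.domain_name, domain))
    if id_type == "ipAddress":   # hypothetical label for the IP address identity type
        try:
            return ipaddress.ip_address(identity) in ipaddress.ip_network(p.network)
        except ValueError:
            return False
    return False

def permissive_settings(p: Profile) -> list:
    """List the settings that place no restriction on the peer identity."""
    findings = []
    if ipaddress.ip_network(p.network).prefixlen == 0:
        findings.append("ip address: any peer address accepted")
    for name, value in (("domain-name", p.domain_name), ("username", p.username)):
        if value == "*":
            findings.append(f"{name}: wildcard matches every value")
    return findings
```

With only domain-name set, as in the example command above, the model accepts an FQDN identity of domain2 but rejects alice@domain2, because the username setting is still the empty default.
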
The VPN to which a user is to be terminated is sometimes known from the IKE identities
attached to the user. However, to assist in connecting users to the correct AAA domain
Chapter 6: Configuring Dynamic IPSec Subscribers

This manual is also suitable for:

Junose 11.3
