Download Print this page

HP 6125XLG Configuration Manual: Configuring The Global Identity Information; Configuring The Ike Keepalive Function

R2306-hp 6125xlg blade switch security configuration guide.
Hide thumbs


(Optional.) Specify a local
interface or IP address that
the IKE keychain can be
applied to.
(Optional.) Specify a
priority for the IKE keychain.

Configuring the global identity information

Follow these guidelines when you configure the global identity information for the local IKE.
The global identity can be used by the device for all IKE SA negotiations, and the local identity (set
by the local-identity command) can be used only by the device that uses the IKE profile.
When signature authentication is used, you can set any type of the identity information.
When pre-shared key authentication is used, you cannot set the DN as the identity.
To configure the global identity information:
Enter system view.
Configure the global identity
to be used by the local.
(Optional.) Configure the
local device to always obtain
the identity information from
the local certificate for
signature authentication.

Configuring the IKE keepalive function

IKE sends keepalive packets to query the liveness of the peer. If the peer is configured with the keepalive
timeout time, you must configure the keepalive interval at the local. If the peer receives no keepalive
packets during the timeout time, the IKE SA is deleted along with the IPsec SAs it negotiated.
Follow these guidelines when you configure the IKE keepalive function:
match local address { interface-type
interface-number | { ipv4-address |
ipv6 ipv6-address } [ vpn-instance
vpn-name ] }
priority number
ike identity { address
{ ipv4-address | ipv6
ipv6-address } | dn | fqdn
[ fqdn-name ] | user-fqdn
[ user-fqdn-name ] }
ike signature-identity
By default, an IKE keychain can
be applied to any local interface
or IP address.
The default priority is 100.
By default, the IP address of the
interface where the IPsec policy or
IPsec policy template applies is used
as the IKE identity.
By default, the local end uses the
identity information specified by
local-identity or ike identity for
signature authentication.
Configure the command on the local
device that initiates aggressive IKE SA
negotiations that use signature
authentication for compatibility with
the peer device running a Comware
V5-based release. Such release
supports only DN for signature



   Related Manuals for HP 6125XLG

Comments to this Manuals

Symbols: 0
Latest comments: