If the ike signature-identity from-certificate command is not configured, the local-identity command
configuration, if configured, takes precedence over the ike identity command configuration.
Examples
# Configure the local device to always obtain the identity information from the local certificate for
signature authentication.
<Sysname> system-view
[sysname] ike signature-identity from-certificate
Related commands
•
local-identity
ike identity
•
inside-vpn
Use inside-vpn to specify an inside VPN instance for an IKE profile.
Use undo inside-vpn to remove the inside VPN instance configuration.
Syntax
inside-vpn vpn-instance vpn-name
undo inside-vpn
Default
No inside VPN instance is specified for an IKE profile. The device looks for a route in the VPN instance
that is the same as the one on the external network.
Views
IKE profile view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-name: Specifies the MPLS L3VPN to which the device forwards protected data. The
vpn-name argument is a case-sensitive string of 1 to 31 characters.
Examples
# Set the inside VPN instance to vpn1 for IKE profile prof1.
<Sysname> system-view
[Sysname] ike profile prof1
[Sysname-ike-profile-prof1] inside-vpn vpn-instance vpn1
keychain
Use keychain to specify an IKE keychain for pre-shared key authentication.
Use undo keychain to remove the IKE keychain reference.
Syntax
keychain keychain-name
295