remote-address

Use remote-address to configure the remote IP address for the IPsec tunnel.

Use undo remote-address to restore the default.

Syntax

remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }

undo remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }

Default

No remote IP address is configured for the IPsec tunnel.

Views

IPsec policy view

IPsec policy template view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv6: Specifies the remote address or host name of an IPv6 IPsec tunnel. To specify the remote address or host name of an IPv4 IPsec tunnel, do not specify this keyword.

hostname: Specifies the remote host name, a case-insensitive string of 1 to 253 characters. The host name can be resolved to an IP address by the DNS server.

ipv4-address: Specifies a remote IPv4 address.

ipv6-address: Specifies a remote IPv6 address.

Usage guidelines

This remote IP address configuration is required on the IKE negotiation initiator and optional on the responder if the responder uses an IPsec policy template.

A manual IPsec policy does not support DNS. Therefore, you must specify a remote IP address rather than a remote host name for the manual IPsec policy.

If you configure a remote host name, make sure the local end can always resolve the host name into the latest IP address of the remote end.

For example, the local end has a static DNS entry which maps the host name test to the IP address 1.1.1.1. Configure the following commands:

# Configure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.

[Sysname] ipsec policy policy1 1 isakmp
[Sysname-ipsec-policy-isakmp-policy1-1] remote-address test

# Change the IP address for the host test to 2.2.2.2.

[Sysname] ip host test 2.2.2.2

In this case, you must reconfigure the remote host name for the IPsec policy policy1 so that the local end can obtain the latest IP address of the remote host.

# Reconfigure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.

[Sysname] ipsec policy policy1 1 isakmp
[Sysname -ipsec-policy-isakmp-policy1-1] remote-address test

Examples

# Specify remote IP address 10.1.1.2 for the IPsec tunnel.

<Sysname> system-view
[Sysname] ipsec policy policy1 10 manual
[Sysname-ipsec-policy-manual-policy1-10] remote-address 10.1.1.2

Related commands

ip host (Layer 3—IP Services Command Reference)

local-address