remote-address
Use remote-address to configure the remote IP address for the IPsec tunnel.
Use undo remote-address to restore the default.
Syntax
remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }
undo remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }
Default
No remote IP address is configured for the IPsec tunnel.
Views
IPsec policy view
IPsec policy template view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv6: Specifies the remote address or host name of an IPv6 IPsec tunnel. To specify the remote address or host name of an IPv4 IPsec tunnel, do not specify this keyword.
hostname: Specifies the remote host name, a case-insensitive string of 1 to 253 characters. The host name can be resolved to an IP address by the DNS server.
ipv4-address: Specifies a remote IPv4 address.
ipv6-address: Specifies a remote IPv6 address.
Usage guidelines
This remote IP address configuration is required on the IKE negotiation initiator and optional on the responder if the responder uses an IPsec policy template.
A manual IPsec policy does not support DNS. Therefore, you must specify a remote IP address rather than a remote host name for the manual IPsec policy.
If you configure a remote host name, make sure the local end can always resolve the host name into the latest IP address of the remote end.
If a DNS server is used for resolution, the local end queries the remote IP address again from the DNS server after the previously cached remote IP address expires. This mechanism ensures that the local end can always obtain the latest remote IP address.
If a static DNS entry is used for resolution, you must reconfigure the remote-address command whenever the remote IP address changes. Without the reconfiguration, the local end cannot obtain the latest remote IP address.
For example, the local end has a static DNS entry which maps the host name test to the IP address 1.1.1.1. Configure the following commands:
# Configure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.
[Sysname] ipsec policy policy1 1 isakmp [Sysname-ipsec-policy-isakmp-policy1-1] remote-address test
# Change the IP address for the host test to 2.2.2.2.
[Sysname] ip host test 2.2.2.2
In this case, you must reconfigure the remote host name for the IPsec policy policy1 so that the local end can obtain the latest IP address of the remote host.
# Reconfigure the remote host name to test for the IPsec tunnel in the IPsec policy policy1.
[Sysname] ipsec policy policy1 1 isakmp [Sysname -ipsec-policy-isakmp-policy1-1] remote-address test
Examples
# Specify remote IP address 10.1.1.2 for the IPsec tunnel.
<Sysname> system-view [Sysname] ipsec policy policy1 10 manual [Sysname-ipsec-policy-manual-policy1-10] remote-address 10.1.1.2
Related commands
ip host (Layer 3—IP Services Command Reference)
local-address