authentication-method

Use authentication-method to specify an authentication method to be used in an IKE proposal.

Use undo authentication-method to restore the default.

Syntax

authentication-method { dsa-signature | pre-share | rsa-signature }

undo authentication-method

Default

The IKE proposal uses the pre-shared key as the authentication method.

Views

IKE proposal view

Predefined user roles

network-admin

mdc-admin

Parameters

dsa-signature: Specifies DSA signatures as the authentication method.

pre-share: Specifies the pre-shared key as the authentication method.

rsa-signature: Specifies RSA signatures as the authentication method.

Usage guidelines

Unlike signature authentication, pre-shared key authentication does not require certificates, and it is usually used in a simple network. Signature authentication provides higher security and is usually deployed in a large-scale network, such as a network with many branches. In such a network, pre-shared key authentication requires the headquarters to configure a pre-shared key for each branch, whereas signature authentication requires the headquarters to configure only one PKI domain.

Authentication methods configured on both IKE ends must match.

If you specify RSA or DSA signatures, you must configure the IKE peer to obtain certificates from a CA.

If you specify pre-shared keys, you must configure these pre-shared keys on both IKE ends.

Examples

# Specify the pre-shared key authentication method for IKE proposal 1.

<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] authentication-method pre-share
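
# Added example (not part of the original command reference): a Python check that two IKE ends share an authentication method, applying the pre-share default when a proposal sets none. The sample configurations are constructed, and the saved-configuration layout (unindented "ike proposal N" line, indented settings, "#" separators) is an assumption.

```python
import re

DEFAULT_METHOD = "pre-share"  # default stated in this command reference
METHODS = {"dsa-signature", "pre-share", "rsa-signature"}
SIGNATURE_METHODS = {"dsa-signature", "rsa-signature"}

# Constructed sample configurations (assumed saved-config layout).
HQ = """#
ike proposal 1
 authentication-method rsa-signature
#
ike proposal 2
#
"""
BRANCH = """#
ike proposal 10
 authentication-method dsa-signature
#
"""

def parse_proposals(config):
    """Return {proposal number: authentication method}, applying the default."""
    proposals, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"ike proposal (\d+)", line)
        if header:
            current = int(header.group(1))
            proposals.setdefault(current, DEFAULT_METHOD)
        elif raw[:1] not in (" ", "\t"):
            current = None  # unindented line: left the IKE proposal view
        elif current is not None and line.startswith("authentication-method "):
            method = line.split()[1]
            if method not in METHODS:
                raise ValueError(f"unknown authentication method: {method}")
            proposals[current] = method
    return proposals

def audit_pair(local_cfg, remote_cfg):
    """Compare the authentication methods offered by two IKE ends."""
    local, remote = parse_proposals(local_cfg), parse_proposals(remote_cfg)
    shared = set(local.values()) & set(remote.values())
    return {
        "local": local,
        "remote": remote,
        "shared": sorted(shared),  # empty list: the two ends do not match
        "needs_pre_shared_keys": "pre-share" in shared,
        "needs_ca_certificates": bool(shared & SIGNATURE_METHODS),
    }

if __name__ == "__main__":
    print(audit_pair(HQ, BRANCH))
```

An empty "shared" list means no proposal on one end uses the same authentication method as any proposal on the other; the two "needs_" flags restate which prerequisite from the usage guidelines applies to the methods the ends do share.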

Related commands

display ike proposal

ike keychain

pre-shared-key