authentication-method
Use authentication-method to specify an authentication method to be used in an IKE proposal.
Use undo authentication-method to restore the default.
Syntax
authentication-method { dsa-signature | pre-share | rsa-signature }
undo authentication-method
Default
The IKE proposal uses the pre-shared key as the authentication method.
Views
IKE proposal view
Predefined user roles
network-admin
mdc-admin
Parameters
dsa-signature: Specifies the DSA signatures as the authentication method.
pre-share: Specifies the pre-shared key as the authentication method.
rsa-signature: Specifies the RSA signatures as the authentication method.
Usage guidelines
Pre-shared key authentication does not require certificates as signature authentication does, and it is usually used in a simple network. Signature authentication provides higher security, and it is usually deployed in a large-scale network, such as a network with many branches. In a network with many branches, using pre-shared key authentication requires the headquarters to configure a pre-shared key for each branch. Using signature authentication only requires the headquarters to configure one PKI domain.
Authentication methods configured on both IKE ends must match.
If you specify RSA or DSA signatures, you must configure the IKE peer to obtain certificates from a CA.
If you specify pre-shared keys, you must configure these pre-shared keys on both IKE ends.
Examples
# Specify the pre-shared key authentication method for IKE proposal 1.
<Sysname> system-view [Sysname] ike proposal 1 [Sysname-ike-proposal-1] authentication-method pre-share
Related commands
display ike proposal
ike keychain
pre-shared-key