ike identity

Use ike identity to specify the global identity used by the local end during IKE negotiations.

Use undo ike identity to restore the default.

Syntax

ike identity { address { ipv4-address | ipv6 ipv6-address } | dn | fqdn [ fqdn-name ] | user-fqdn [ user-fqdn-name ] }

undo ike identity

Default

The IP address of the interface where the IPsec policy applies is used as the IKE identity.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

address { ipv4-address | ipv6 ipv6-address }: Uses an IPv4 or IPv6 address as the identity.

dn: Uses the DN in the digital signature as the identity.

fqdn fqdn-name: Uses the FQDN name as the identity. The fqdn-name argument is a case-sensitive string of 1 to 255 characters, for example, www.test.com. If you do not specify this argument, the device name configured by using the sysname command is used as the local FQDN.

user-fqdn user-fqdn-name: Uses the user FQDN name as the identity. The user-fqdn-name argument is a case-sensitive string of 1 to 255 characters, for example, abc@test.com. If you do not specify this argument, the device name configured by using the sysname command is used as the user FQDN.

Usage guidelines

The global local identity can be used for all IKE SA negotiations. The local identity (set by the local-identity command for an IKE profile) can be used only for IKE SA negotiations that use the IKE profile.

If the local authentication method is signature authentication, you can set an identity of any type. If the local authentication method is pre-shared key authentication, you cannot set the DN as the identity.

The ike signature-identity from-certificate command sets the local device to always use the identity information obtained from the local certificate for signature authentication. If the ike signature-identity from-certificate command is not set, the local-identity command configuration, if configured, takes precedence over the ike identity command configuration.

Examples

# Specify IP address 2.2.2.2 as the identity.

<sysname> system-view
[sysname] ike identity address 2.2.2.2
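
The precedence and the pre-shared key restriction from the usage guidelines can be checked offline against a saved configuration. The Python script below is an added example, not part of the original command reference or the vendor's code. Assumptions: the sample configuration is constructed, profile sub-commands are indented under an ike profile line, local-identity accepts the same identity forms as ike identity, and the authentication method per profile is supplied by the caller in a hypothetical AUTH mapping with the labels signature and pre-share.

```python
# Constructed sample config; layout, profile names and AUTH labels are assumptions.
SAMPLE_CONFIG = """\
ike identity dn
ike signature-identity from-certificate
#
ike profile branch-psk
#
ike profile hq-psk
 local-identity fqdn gw1.example.com
#
ike profile partner-cert
 local-identity address 2.2.2.2
"""
AUTH = {"branch-psk": "pre-share", "hq-psk": "pre-share", "partner-cert": "signature"}

def parse_config(text):
    """Return (global identity, from-certificate flag, {profile: local-identity})."""
    global_id, from_cert, profiles, current = None, False, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#" or not raw[:1].isspace():
            current = None  # a separator or any top-level line leaves the profile view
        if line.startswith("ike profile "):
            current = line.split()[2]
            profiles[current] = None
        elif current is None and line.startswith("ike identity "):
            global_id = line[len("ike identity "):]
        elif line == "ike signature-identity from-certificate":
            from_cert = True
        elif current and line.startswith("local-identity "):
            profiles[current] = line[len("local-identity "):]
    return global_id, from_cert, profiles

def effective_identity(global_id, from_cert, profile_id, auth):
    """Apply the documented precedence for one profile."""
    if auth == "signature" and from_cert:
        return "from-certificate"  # certificate identity always wins for signatures
    return profile_id or global_id or "interface-address (default)"

def audit(text, auth_by_profile):
    global_id, from_cert, profiles = parse_config(text)
    report = {}
    for name, profile_id in profiles.items():
        ident = effective_identity(global_id, from_cert, profile_id, auth_by_profile[name])
        bad = auth_by_profile[name] == "pre-share" and ident == "dn"
        report[name] = (ident, "INVALID: DN with pre-shared key" if bad else "ok")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, AUTH))
```

In the sample, branch-psk has no local-identity of its own, so it inherits the global DN identity and is flagged; the other two profiles resolve to their own identity or to the certificate.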

Related commands

local-identity

ike signature-identity from-certificate