[x]

IKE commands > match local address (IKE keychain view)

 

 Next

match local address (IKE keychain view)

Use match local address to specify a local interface or IP address to which an IKE keychain can be applied.

Use undo match local address to restore the default.

Syntax

match local address { interface-type interface-number | { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }

undo match local address

Default

An IKE keychain can be applied to any local interface or IP address.

Views

IKE keychain view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies a local interface. It can be any Layer 3 interface.

ipv4-address: Specifies the IPv4 address of a local interface.

ipv6 ipv6-address: Specifies the IPv6 address of a local interface.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the IPv4 or IPv6 address belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If the IPv4 or IPv6 address belongs to the public network, do not specify this option.

Usage guidelines

Use this command to specify which address or interface can use the IKE keychain for IKE negotiation. Specify the local address configured in IPsec policy or IPsec policy template view (using the local-address command) for this command. If no local address is configured, specify the IP address of the interface that uses the IPsec policy.

You can specify a maximum of six IKE keychains for an IKE profile. An IKE keychain specified earlier has a higher priority. To give an IKE keychain a higher priority, you can configure this command for the keychain. For example, suppose you specified IKE keychain A before specifying IKE keychain B, and you configured the peer ID 2.2.0.0/16 for IKE keychain A and the peer ID 2.2.2.0/24 for IKE keychain B. For the local interface with the IP address 3.3.3.3 to negotiate with the peer 2.2.2.6, IKE keychain A is preferred because IKE keychain A was specified earlier. To use IKE keychain B, you can use this command to restrict the application scope of IKE keychain B to address 3.3.3.3.

Examples

# Create IKE keychain key1.

<Sysname> system-view
[Sysname] ike keychain key1

# Apply IKE keychain key1 to IP address 2.2.2.2.

[sysname-ike-keychain-key1] match local address 2.2.2.1

# Apply IKE keychain key1 to the interface with IP address 2.2.2.2 in VPN instance vpn1.

[sysname-ike-keychain-key1] match local address 2.2.2.2 vpn-instance vpn1

prev

 

up

 next

local-identity 

home

 match local address (IKE profile view)

© Copyright 2018 Hewlett Packard Enterprise Development LP