pre-shared-key

Use pre-shared-key to configure a pre-shared key.

Use undo pre-shared-key to delete a pre-shared key.

Syntax

In non-FIPS mode:

pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key { cipher | simple } string

undo pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name }

In FIPS mode:

pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key [ cipher string ]

undo pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name }

Default

No pre-shared key is configured.

Views

IKE keychain view

Predefined user roles

network-admin

mdc-admin

Parameters

address: Specifies a peer by its address.

ipv4-address: Specifies the IPv4 address of the peer.

mask: Specifies the mask in dotted decimal notation. The default mask is 255.255.255.255.

mask-length: Specifies the mask length in the range of 0 to 32. The default mask length is 32.

ipv6: Specifies an IPv6 peer.

ipv6-address: Specifies the IPv6 address of the peer.

prefix-length: Specifies the prefix length in the range of 0 to 128. The default prefix length is 128.

hostname host-name: Specifies a peer by its hostname, a case-sensitive string of 1 to 255 characters.

key: Specifies a pre-shared key.

cipher: Specifies a pre-shared key in encrypted form.

simple: Specifies a pre-shared key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the pre-shared key. The key is case sensitive. In non-FIPS mode, its plaintext form is a string of 1 to 128 characters and its encrypted form is a string of 1 to 201 characters. In FIPS mode, its plaintext form is a string of 1 to 128 characters and its encrypted form is a string of 15 to 201 characters.

Usage guidelines

The address option or the hostname option specifies the peer with which the device can use the pre-shared key to perform IKE negotiation.

Two peers must be configured with the same pre-shared key to pass pre-shared key authentication.

In FIPS mode, if you do not specify the cipher string option, you specify a plaintext pre-shared key in interactive mode. The key is a case-sensitive string of 15 to 128 characters, and it must contain uppercase and lowercase letters, digits, and special characters other than the question mark (?). In non-FIPS mode, this command does not support configuring a pre-shared key in interactive mode.

Examples

# Create IKE keychain key1 and enter IKE keychain view.

<Sysname> system-view
[Sysname] ike keychain key1

# Set the pre-shared key to be used for IKE negotiation with peer 1.1.1.2 to 123456TESTplat&!.

[Sysname-ike-keychain-key1] pre-shared-key address 1.1.1.2 255.255.255.255 key simple 123456TESTplat&!
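
An added example, not part of the original command reference: a Python check that parses a non-FIPS pre-shared-key line from a configuration template, tests a simple-form key against the FIPS-mode composition rule in the usage guidelines, and reports when a mask makes the key apply to more than one address. The function names, the sample lines other than the first, and treating the key as the rest of the line are assumptions.

```python
import ipaddress
import string

SPECIALS = set(string.punctuation) - {"?"}  # "?" does not count toward the rule

def parse_psk(line):
    """Split one non-FIPS pre-shared-key command into (peer, key form, key)."""
    t = line.split()
    if len(t) < 6 or t[0] != "pre-shared-key" or t[1] not in ("address", "hostname"):
        raise ValueError("not a pre-shared-key command: " + line)
    if t[1] == "hostname":
        peer, i = t[2], 3
    else:
        i = 4 if t[2] == "ipv6" else 3
        addr = t[i - 1]
        if t[i] != "key":  # optional mask, mask-length or prefix-length
            addr, i = f"{addr}/{t[i]}", i + 1
        peer = ipaddress.ip_network(addr, strict=False)  # default is /32 or /128
    if len(t) < i + 3 or t[i] != "key" or t[i + 1] not in ("cipher", "simple"):
        raise ValueError("malformed key clause: " + line)
    return peer, t[i + 1], " ".join(t[i + 2:])  # assumption: key is the rest of the line

def fips_key_problems(key):
    """Check a plaintext key against the FIPS-mode rule from the usage guidelines."""
    checks = [
        (15 <= len(key) <= 128, "length is not 15 to 128 characters"),
        (any(c.isupper() for c in key), "no uppercase letter"),
        (any(c.islower() for c in key), "no lowercase letter"),
        (any(c.isdigit() for c in key), "no digit"),
        (any(c in SPECIALS for c in key), "no special character other than ?"),
    ]
    return [msg for ok, msg in checks if not ok]

def audit(line):
    peer, form, key = parse_psk(line)
    findings = []
    if form == "simple":  # a cipher-form string cannot be checked for composition
        findings.append("key is in plaintext (simple) form in this text")
        findings += fips_key_problems(key)
    if not isinstance(peer, str) and peer.num_addresses > 1:
        findings.append(f"key applies to all {peer.num_addresses} addresses in {peer}")
    return str(peer), findings

SAMPLES = [  # first line is the example above; the other two are constructed
    "pre-shared-key address 1.1.1.2 255.255.255.255 key simple 123456TESTplat&!",
    "pre-shared-key address 10.0.0.0 8 key simple test123",
    "pre-shared-key hostname branch1 key cipher CIPHERTEXT-PLACEHOLDER",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```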

Related commands

authentication-method

keychain