[x]

IKEv2 commands > authentication-method

 

 Next

authentication-method

Use authentication-method to specify the local or remote identity authentication method.

Use undo authentication-method to remove the local or remote identity authentication method.

Syntax

authentication-method { local | remote } { dsa-signature | ecdsa-signature | pre-share | rsa-signature }

undo authentication-method local

undo authentication-method remote { dsa-signature | ecdsa-signature | pre-share | rsa-signature }

Default

No local or remote identity authentication method is specified.

Views

IKEv2 profile view

Predefined user roles

network-admin

mdc-admin

Parameters

local: Specifies the local identity authentication method.

remote: Specifies the remote identity authentication method.

dsa-signature: Specifies the DSA signatures as the identity authentication method.

ecdsa-signature: Specifies the ECDSA signatures as the identity authentication method.

pre-share: Specifies the pre-shared key as the identity authentication method.

rsa-signature: Specifies the RSA signatures as the identity authentication method.

Usage guidelines

The local and remote identity authentication methods must both be specified and they can be different.

You can specify only one local identity authentication method. You can specify multiple remote identity authentication methods by executing this command multiple times when there are multiple remote ends whose authentication methods are unknown.

If you use RSA, DSA, or ECDSA signature authentication, you must specify PKI domains for obtaining certificates. You can specify PKI domains by using the certificate domain command in IKEv2 profile view. If you do not specify PKI domains in IKEv2 profile view, the PKI domains configured by the pki domain command in system view will be used.

If you specify the pre-shared key method, you must specify a pre-shared key for the IKEv2 peer in the keychain used by the IKEv2 profile.

Examples

# Create an IKEv2 profile named profile1.

<Sysname> system-view
[Sysname] ikev2 profile profile1

# Specify the pre-shared key and RSA signatures as the local and remote authentication methods, respectively.

[Sysname-ikev2-profile-profile1] authentication local pre-share
[Sysname-ikev2-profile-profile1] authentication remote rsa-signature

# Specify PKI domain genl as the PKI domain for obtaining certificates.

[Sysname-ikev2-profile-profile1] certificate domain genl

# Specify IKEv2 keychain keychain1.

[Sysname-ikev2-profile-profile1] keychain keychain1

Related commands

display ikev2 profile

certificate domain (IKEv2 profile view)

keychain (IKEv2 profile view)

prev

 

up

 next

address 

home

 certificate domain

© Copyright 2018 Hewlett Packard Enterprise Development LP