identity local

Use identity local to configure the local ID, the ID that the device uses to identify itself to the peer during IKEv2 negotiation..

Use undo identity local to restore the default.

Syntax

identity local { address { ipv4-address | ipv6 ipv6-address } | dn | email email-string | fqdn fqdn-name | key-id key-id-string }

undo identity local

Default

No local ID is configured. The IP address of the interface to which the IPsec policy is applied is used as the local ID.

Views

IKEv2 profile view

Predefined user roles

network-admin

mdc-admin

Parameters

address { ipv4-address | ipv6 ipv6-address }: Uses an IPv4 or IPv6 address as the local ID.

dn: Uses the DN in the local certificate as the local ID.

email email-string: Uses an email address as the local ID. The email-string argument is a case-sensitive string of 1 to 255 characters in the format defined by RFC 822, such as sec@abc.com.

fqdn fqdn-name: Uses an FQDN as the local ID. The fqdn-name argument is a case-sensitive string of 1 to 255 characters, such as www.test.com.

key-id key-id-string: Uses the device's key ID as the local ID. The key-id-string argument is a case-sensitive string of 1 to 255 characters, and is usually a vendor-specific string for doing proprietary types of identification.

Usage guidelines

Peers exchange local IDs for identifying each other in negotiation.

Examples

# Create an IKEv2 profile named profile1.

<Sysname> system-view
[Sysname] ikev2 profile profile1

# Use IP address 2.2.2.2 as the local ID.

[Sysname-ikev2-profile-profile1] identity local address 2.2.2.2

Related commands

peer