identity local
Use identity local to configure the local ID, the ID that the device uses to identify itself to the peer during IKEv2 negotiation..
Use undo identity local to restore the default.
Syntax
identity local { address { ipv4-address | ipv6 ipv6-address } | dn | email email-string | fqdn fqdn-name | key-id key-id-string }
undo identity local
Default
No local ID is configured. The IP address of the interface to which the IPsec policy is applied is used as the local ID.
Views
IKEv2 profile view
Predefined user roles
network-admin
mdc-admin
Parameters
address { ipv4-address | ipv6 ipv6-address }: Uses an IPv4 or IPv6 address as the local ID.
dn: Uses the DN in the local certificate as the local ID.
email email-string: Uses an email address as the local ID. The email-string argument is a case-sensitive string of 1 to 255 characters in the format defined by RFC 822, such as sec@abc.com.
fqdn fqdn-name: Uses an FQDN as the local ID. The fqdn-name argument is a case-sensitive string of 1 to 255 characters, such as www.test.com.
key-id key-id-string: Uses the device's key ID as the local ID. The key-id-string argument is a case-sensitive string of 1 to 255 characters, and is usually a vendor-specific string for doing proprietary types of identification.
Usage guidelines
Peers exchange local IDs for identifying each other in negotiation.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view [Sysname] ikev2 profile profile1
# Use IP address 2.2.2.2 as the local ID.
[Sysname-ikev2-profile-profile1] identity local address 2.2.2.2
Related commands
peer