case-sensitive string of 1 to 31 characters. If the IPv4 or IPv6 address belongs to the public network,
do not specify this option.
Usage guidelines
Use this command to specify which address or interface can use the IKE profile for IKE negotiation.
Specify the local address configured in IPsec policy or IPsec policy template view (using the
local-address command) for this command. If no local address is configured, specify the IP
address of the interface that uses the IPsec policy.
An IKE profile configured earlier has a higher priority. To give an IKE profile that is configured later a
higher priority, you can configure this command for the profile. For example, suppose you configured
IKE profile A before configuring IKE profile B, and you configured the
match remote identity address range 2.2.2.1 2.2.2.100 command for IKE profile A and the
match remote identity address range 2.2.2.1 2.2.2.10 command for IKE profile B. For the local
interface with the IP address 3.3.3.3 to negotiate with the peer 2.2.2.6, IKE profile A is preferred
because IKE profile A was configured earlier. To use IKE profile B, you can use this command to
restrict the application scope of IKE profile B to address 3.3.3.3.
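The priority rule described above, modelled as an added example (not code from this manual or from the device software). It assumes profiles are evaluated in configuration order and that a profile scoped with match local address outranks unscoped ones; IkeProfile, rank and select are hypothetical names, and the profile data is constructed from the scenario in the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class IkeProfile:
    name: str
    remote_low: str                # low end of "match remote identity address range"
    remote_high: str               # high end of the same range
    local: Optional[str] = None    # "match local address" value; None = not configured

    def matches(self, local: str, peer: str) -> bool:
        p = ipaddress.ip_address(peer)
        lo = ipaddress.ip_address(self.remote_low)
        hi = ipaddress.ip_address(self.remote_high)
        # Only compare addresses of the same IP version (IPv4 vs IPv6).
        in_range = p.version == lo.version == hi.version and lo <= p <= hi
        local_ok = self.local is None or (
            ipaddress.ip_address(self.local) == ipaddress.ip_address(local))
        return in_range and local_ok

def rank(profiles: List[IkeProfile], local: str, peer: str) -> List[str]:
    """Names of matching profiles, preferred first. `profiles` is in configuration order."""
    hits = [p for p in profiles if p.matches(local, peer)]
    # Assumption: a profile scoped with match local address outranks unscoped ones.
    # sorted() is stable, so earlier-configured profiles stay first within each group.
    return [p.name for p in sorted(hits, key=lambda p: p.local is None)]

def select(profiles: List[IkeProfile], local: str, peer: str) -> Optional[str]:
    """Name of the profile that would be used, or None if nothing matches."""
    ranked = rank(profiles, local, peer)
    return ranked[0] if ranked else None

# Constructed data mirroring the scenario in the text: A is configured before B.
BEFORE = [IkeProfile("A", "2.2.2.1", "2.2.2.100"),
          IkeProfile("B", "2.2.2.1", "2.2.2.10")]
# Same profiles after "match local address 3.3.3.3" is configured for profile B.
AFTER = [IkeProfile("A", "2.2.2.1", "2.2.2.100"),
         IkeProfile("B", "2.2.2.1", "2.2.2.10", local="3.3.3.3")]

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        ranked = rank(cfg, "3.3.3.3", "2.2.2.6")
        print(label, "selected:", ranked[0], "shadowed:", ranked[1:])
```

The shadowed list is the useful part when auditing a configuration: any profile that matches the same peer but never wins is a candidate for an unintended authentication or proposal set being applied.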
Examples
# Create IKE profile prof1.
<Sysname> system-view
[Sysname] ike profile prof1
# Apply IKE profile prof1 to IP address 2.2.2.2.
[sysname-ike-profile-prof1] match local address 2.2.2.1
# Apply IKE profile prof1 to the interface with IP address 2.2.2.2 in VPN instance vpn1.
[sysname-ike-profile-prof1] match local address 2.2.2.2 vpn-instance vpn1
match remote
Use match remote to configure a peer ID for IKE profile matching.
Use undo match remote to delete a peer ID for IKE profile matching.
Syntax
match remote { certificate policy-name | identity { address { { ipv4-address [ mask | mask-length ] | range low-ipv4-address high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range low-ipv6-address high-ipv6-address } } [ vpn-instance vpn-instance-name ] | fqdn fqdn-name | user-fqdn user-fqdn-name } }
undo match remote { certificate policy-name | identity { address { { ipv4-address [ mask | mask-length ] | range low-ipv4-address high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range low-ipv6-address high-ipv6-address } } [ vpn-instance vpn-instance-name ] | fqdn fqdn-name | user-fqdn user-fqdn-name } }
Default
No peer ID is configured for IKE profile matching.
Views
IKE profile view
Predefined user roles
network-admin