99
[Sysname] ikev2 profile profile1
# Specify PKI domain
abc
for signature. Specify PKI domain
def
for verification.
[Sysname-ikev2-profile-profile1] certificate domain abc sign
[Sysname-ikev2-profile-profile1] certificate domain def verify
Related commands
authentication-method
pki domain
config-exchange
Use
config-exchange
to enable configuration exchange.
Use
undo config-exchange
to disable configuration exchange.
Syntax
config-exchange
{
request
|
set
{
accept
|
send
}
}
undo config-exchange
{
request
|
set
{
accept
|
send
}
}
Default
Configuration exchange is disabled.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
request
: Enables the device to send request messages carrying the configuration request payload
during the IKE_AUTH exchange.
set
: Specifies the configuration set payload exchange.
accept
: Enables the device to accept the configuration set payload carried in Info messages.
send
: Enables the device to send Info messages carrying the configuration set payload.
Usage guidelines
The configuration exchange feature enables the local and remote ends to exchange configuration
data, such as gateway address, internal IP address, and route. The exchange includes data request
and response, and data push and response. The enterprise center can push IP addresses to
branches. The branches can request IP addresses, but the requested IP addresses cannot be used.
You can specify both
request
and
set
for the device.
If you specify
request
for the local end, the remote end will respond if it can obtain the requested
data.
If you specify
set send
for the local end, you must specify
set accept
for the remote end.
The device with
set send
specified pushes an IP address after the IKEv2 SA is set up if it does not
receive any configuration request from the peer.
Examples
# Create an IKEv2 profile named
profile1
.
<Sysname> system-view
[Sysname] ikev2 profile profile1
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...