AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
display ike peer

Function

The display ike peer command displays the IKE peer configuration.

Format

display ike peer [ name peer-name ] [ verbose ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| name peer-name | Specifies the name of an IKE peer. | The value is an existing IKE peer name. |
| verbose | Displays detailed IKE peer information. | - |

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display information about all IKE peers.

<Huawei> display ike peer
Number of IKE peers: 2                                                          
                                                                                
                                                                                
  Peer name       Exchange    Remote         NAT                                
                  mode        name           traversal                          
-------------------------------------------------------                         
  rut1            Main        rut2           Disable                            
                                                                                
  peer1           Main        peer2          Disable                            

Table 10-15  Description of the display ike peer command output

| Item | Description |
|---|---|
| Peer name | Name of an IKE peer. To configure an IKE peer, run the ike peer command. |
| Exchange mode | IKEv1 negotiation mode: Main, Aggressive, or - (not supported, indicating that IKEv2 is used). To configure a negotiation mode, run the exchange-mode command. |
| Remote name | Remote name used in IKE negotiation. To configure the remote name used in IKE negotiation, run the remote-name command. When the local-id-type name command is used, the local name is used for IKE negotiation. If ike local-name is not configured on the remote end, the name specified by the sysname command is used for IKE negotiation. |
| NAT traversal | Whether NAT traversal is enabled. To enable NAT traversal, run the nat traversal command. |

# Display detailed information about all IKE peers.

<Huawei> display ike peer verbose
Number of IKE peers: 3                                                          
                                                                                
------------------------------------------                                      
   Peer name                  : peer2                                           
   IKE version                : Version two                                     
   Pre-shared-key             : huawei                                          
   Proposal                   : 5   
   Local ID type              : IP                                              
   DPD                        : Disable                                         
   DPD mode                   : Periodic                                        
   DPD idle time              : 30                                              
   DPD retransmit interval    : 15                                              
   DPD retry limit            : 3                                               
   Peer ID type               :                                                 
   Host name                  :                                                 
   Peer IP address            : 60.1.1.2(active)                                
   Host name                  :                                                 
   Peer IP address            : 60.1.2.2                                        
   VPN name                   :                                                 
   Local IP address           :
   Local name                 :                                                 
   Remote name                :                                                 
   NAT-traversal              : Enable                                         
   PKI realm                  : NULL                                            
   Inband OCSP                : Disable                                         
   Config-exchange-request    : Disable                                         
   Config-exchange-set send   : Disable                                         
   Config-exchange-set accept : Disable                                         
   Route accept any           : Disable                                         
   Route preference           : -                                               
   Route tag                  : -                                               
------------------------------------------                                      
                                                                                
------------------------------------------                                      
   Peer name                  : peer1                                           
   IKE version                : Version one                                     
   Exchange mode              : main on phase 1                                 
   Pre-shared-key             : huawei                                          
   Local ID type              : IP                                              
   DPD                        : Disable                                         
   DPD mode                   : Periodic                                        
   DPD idle time              : 30                                              
   DPD retransmit interval    : 15                                              
   DPD retry limit            : 3                                               
   Host name                  :                                                 
   Peer IP address            :                                                 
   Host name                  :                                                 
   Peer IP address            :                                                 
   VPN name                   :                                                 
   Local IP address           :
   Local name                 :                                                 
   Remote name                :                                                 
   NAT-traversal              : Enable                                         
   PKI realm                  : NULL                                            
   Lifetime notification      : Disable
   AAA authorization          : Enable
   AAA authorization domain   : rds
------------------------------------------                                      
                                                                                
Table 10-16  Description of the display ike peer verbose command output

| Item | Description |
|---|---|
| Peer name | Name of an IKE peer. To configure an IKE peer, run the ike peer command. |
| IKE version | IKE version configured: Version one (IKEv1) or Version two (IKEv2). |
| Exchange mode | IKEv1 negotiation mode: Main, Aggressive, or - (not supported, indicating that IKEv2 is used). To configure a negotiation mode, run the exchange-mode command. |
| Pre-shared-key | Pre-shared key used in pre-shared key authentication. When an IKE proposal referenced by an IKE peer uses pre-shared key authentication, the pre-shared key is used for identity authentication. To configure a pre-shared key, run the pre-shared-key command. |
| Proposal | Name of an IKE proposal referenced by the IKE peer. To reference an IKE proposal, run the ike-proposal command. |
| Local ID type | Local ID type in IKE negotiation. To set the local ID type, run the local-id-type command. |
| DPD | Whether DPD is enabled. To enable DPD, run the dpd type command. |
| DPD mode | DPD mode: Periodic or On-Demand. To configure a DPD mode, run the dpd type command. |
| DPD idle time | DPD idle time. To set the DPD idle time, run the dpd idle-time command. |
| DPD retransmit interval | DPD packet retransmission interval. To set the DPD packet retransmission interval, run the dpd retransmit-interval command. |
| DPD retry limit | DPD packet retransmission count. To set the DPD packet retransmission count, run the dpd retry-limit command. |
| Peer ID type | Peer ID type for IKE negotiation. To specify the peer ID type, run the peer-id-type command. |
| Host name | Domain name of the remote IKE peer. To configure a domain name of the remote IKE peer, run the remote-address host-name command. When active is displayed in the command output, the headquarters provides two devices for branch access and the headquarters gateway with this domain name successfully establishes an IKE connection with the branch gateway. |
| Peer IP address | IP address of the remote IKE peer. To configure an IP address of the remote IKE peer, run the remote-address ip-address command. You can configure either the domain name or IP address of the remote IKE peer. When active is displayed in the command output, the headquarters provides two devices for branch access and the headquarters gateway with this IP address successfully establishes an IKE connection with the branch gateway. |
| VPN name | Name of the VPN instance bound to the IKE peer. To bind a VPN instance to an IKE peer, run the sa binding vpn-instance (IKE peer view) command. |
| Local IP address | Local IP address used in IKE negotiation. Generally, you do not need to configure the local IP address. By default, the system selects an outbound interface according to a route and uses the IP address of the outbound interface as the local IP address. To configure the local IP address, run the local-address command. |
| Local name | Local name used in IKE negotiation. To set the local name used in IKE negotiation, run the ike local-name command. If ike local-name is not configured on the local end, the name specified by the sysname command is used for IKE negotiation. |
| Remote name | Remote name used in IKE negotiation. To configure the remote name used in IKE negotiation, run the remote-name command. When the local-id-type name command is used, the local name is used for IKE negotiation. If ike local-name is not configured on the remote end, the name specified by the sysname command is used for IKE negotiation. |
| NAT-traversal | Whether NAT traversal is enabled. To enable NAT traversal, run the nat traversal command. |
| DPD request message | Number of DPD request messages sent by the local end to the remote end. This field is available only when DPD is enabled using the dpd type command. |
| DPD Ack message | Number of DPD Ack messages received by the local end from the remote end. This field is available only when DPD is enabled using the dpd type command. |
| DPD fail time | Number of times the local end failed to receive DPD Ack messages from the remote end. This field is available only when DPD is enabled using the dpd type command. |
| PKI realm | PKI domain bound to the IKE peer. To bind a PKI domain to an IKE peer, run the pki realm command. |
| Inband OCSP | Whether OCSP is enabled for the IKE peer. This function is only supported by IKEv2. To enable OCSP for an IKE peer, run the inband ocsp command. |
| Config-exchange-request | Whether requesting subnet route information from the peer is enabled. This function is only supported by IKEv2. To enable this function, run the config-exchange request command. |
| Config-exchange-set send | Whether sending subnet route information to the peer is enabled. This function is only supported by IKEv2. To enable this function, run the config-exchange set send command. |
| Config-exchange-set accept | Whether accepting subnet route information from the peer is enabled. This function is only supported by IKEv2. To enable this function, run the config-exchange set accept command. |
| Route accept any | Whether generating a route based on the received subnet route information is enabled. This function is only supported by IKEv2. To enable this function, run the route accept [ preference preference-number ] [ tag tag-value ] command. |
| Route preference | Priority of the route generated based on the received subnet route information. |
| Route tag | Tag value of the route generated based on the received subnet route information. |
| Lifetime notification | Whether the device can send IKE SA lifetime notification messages. To enable this function, run the lifetime-notification-message enable command. |
| Resource ACL number | Number of the delivered ACL. This function is supported by IKEv1 only. This field is available only when ACL delivery is enabled using the resource acl command. |
| AAA authorization | Whether AAA RADIUS authorization is enabled. To enable AAA RADIUS authorization, run the aaa authorization command. |
| AAA authorization domain | Authorization domain name. To specify the authorization domain name, run the aaa authorization command. |
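
The following Python example is added here and is not part of the Huawei documentation. It parses captured display ike peer verbose output in the layout shown above, flags fields against an assumed review policy, and masks the Pre-shared-key value (which the sample output displays in full) before the capture is stored. The sample text, the peer name branch9, the value example-key, the "aggressive on phase 1" wording and all function names are constructed for illustration.

```python
import re
# Constructed sample in the layout of `display ike peer verbose`; branch9, example-key
# and "aggressive on phase 1" (by analogy with "main on phase 1") are assumptions.
SAMPLE = """\
Number of IKE peers: 2
------------------------------------------
   Peer name                  : peer2
   IKE version                : Version two
   Pre-shared-key             : huawei
   DPD                        : Disable
   Peer IP address            : 60.1.1.2(active)
   Peer IP address            : 60.1.2.2
------------------------------------------
------------------------------------------
   Peer name                  : branch9
   IKE version                : Version one
   Exchange mode              : aggressive on phase 1
   Pre-shared-key             : example-key
------------------------------------------
"""

FIELD = re.compile(r"^[ \t]*([^:\n]+?)[ \t]*:[ \t]*(.*?)[ \t]*$", re.M)
def parse_peers(text):
    """Split on dashed rules; repeated fields (Peer IP address) become lists."""
    peers = []
    for block in re.split(r"^-{10,}[ \t]*$", text, flags=re.M):
        fields = {}
        for name, value in FIELD.findall(block):
            fields.setdefault(name, []).append(value)
        if "Peer name" in fields:
            peers.append(fields)
    return peers

def audit(peer):
    """Findings for one peer; the review policy is this example's assumption."""
    first = lambda key: (peer.get(key) or [""])[0]
    findings = []
    if first("IKE version") == "Version one":
        findings.append("IKEv1 in use")
        if first("Exchange mode").lower().startswith("aggressive"):
            findings.append("aggressive mode")
    if first("Pre-shared-key"):
        findings.append("pre-shared key shown in output")
    if first("DPD") == "Disable":
        findings.append("DPD disabled")
    return findings

def redact(text):
    """Mask key values before a capture is stored in a ticket or log."""
    return re.sub(r"^([ \t]*Pre-shared-key[ \t]*:[ \t]*)\S.*$", r"\1<redacted>", text, flags=re.M)
```

Run redact() on any capture of this command before it leaves the device session, and feed parse_peers() the unredacted text only where the audit needs to know whether a key value was displayed.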

Updated: 2019-05-29

Document ID: EDOC1000097293
