AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
ike remote-id

Function

The ike remote-id command specifies the VPN instance that IPSec tunnel traffic belongs to according to the remote ID of an IKE peer.

The undo ike remote-id command deletes the VPN instance configured for IPSec tunnel traffic according to the remote ID of an IKE peer.

By default, no VPN instance is configured for IPSec tunnel traffic on an IKE peer.

NOTE:

Only the AR509GW-L-D-H, AR503GW-LM7, AR503GW-LcM7, and AR509G-L-D-H support this command.

Format

ike remote-id remote-id vpn-instance vpn-instance-name

undo ike remote-id remote-id vpn-instance

Parameters

| Parameter | Description | Value |
|---|---|---|
| remote-id | Specifies the remote ID of an IKE peer. The values are as follows: Distinguished name (DN); Fully qualified domain name (FQDN); User-FQDN | The value is a string of 1 to case-sensitive characters without question marks (?) and spaces. |
| vpn-instance vpn-instance-name | Specifies the name of the VPN instance that IPSec tunnel traffic belongs to. | The VPN instance name must have been created. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During IPSec SA negotiation, if an IPSec policy template is configured at the headquarters, you can run the ike remote-id command there to specify the VPN instance that IPSec tunnel traffic belongs to according to the remote ID of an IKE peer, which isolates the traffic of different branches. The remote ID identifies the branch gateway.

Prerequisites

The VPN instance has been created using the ip vpn-instance command and the route distinguisher (RD) has been configured for the VPN instance using the route-distinguisher command.

Precautions

  • The configured remote ID must be the same as the remote ID of the remote end.
    • If the remote ID type is DN, the remote ID must be the same as the Subject of the remote end's digital certificate. You can run the display pki peer-certificate command to view the Subject field.
    • If the remote ID type is FQDN, the remote ID must be the same as the name configured for the remote IKE peer using the ike local-name command.
    • If the remote ID type is User-FQDN, the remote ID must be the same as the domain name configured for the remote IKE peer using the ike local-name command.

Example

# Configure the VPN instance vpna for IPSec tunnel traffic of the IKE peer with the remote ID (DN type) of CN=ipsec.

<Huawei> system-view
[Huawei] ip vpn-instance vpna
[Huawei-vpn-instance-vpna] ipv4-family
[Huawei-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[Huawei-vpn-instance-vpna-af-ipv4] quit
[Huawei-vpn-instance-vpna] quit
[Huawei] ike remote-id CN=ipsec vpn-instance vpna
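
The following audit script is an added example, not part of the original Huawei documentation. It checks every ike remote-id binding in a configuration against the prerequisites above (the VPN instance exists and has a route distinguisher) and against the remote-id character restriction, so a binding that would fail to isolate a branch is caught before deployment. The sample configuration is constructed, the indented saved-configuration layout is an assumption, and the length limit is not checked because the page does not give it.

```python
import re

# Constructed sample configuration (not from the original page). Assumes a
# saved-config layout in which sub-view commands are indented under their view.
SAMPLE_CONFIG = """\
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
#
ip vpn-instance vpnb
 ipv4-family
#
ike remote-id CN=ipsec vpn-instance vpna
ike remote-id branch-b.example.com vpn-instance vpnb
ike remote-id user@example.com vpn-instance vpnc
"""

VPN_RE = re.compile(r"^ip vpn-instance (\S+)$")
RD_RE = re.compile(r"^\s+route-distinguisher \S+$")
IKE_RE = re.compile(r"^ike remote-id (.+) vpn-instance (\S+)$")


def audit_remote_id_bindings(config: str) -> list[tuple[str, str, str]]:
    """Return (remote_id, vpn_instance, problem) for every binding that
    violates a prerequisite or value restriction stated on the page."""
    has_rd: dict[str, bool] = {}   # instance name -> RD configured?
    bindings = []
    current = None                 # VPN instance view we are inside, if any
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None         # an unindented line leaves the sub-view
        if m := VPN_RE.match(line):
            current = m.group(1)
            has_rd.setdefault(current, False)
        elif current and RD_RE.match(line):
            has_rd[current] = True
        elif m := IKE_RE.match(line):
            bindings.append((m.group(1), m.group(2)))

    findings = []
    for remote_id, vpn in bindings:
        if " " in remote_id or "?" in remote_id:
            findings.append((remote_id, vpn, "remote ID contains a space or '?'"))
        if vpn not in has_rd:
            findings.append((remote_id, vpn, "VPN instance not created"))
        elif not has_rd[vpn]:
            findings.append((remote_id, vpn, "VPN instance has no route distinguisher"))
    return findings
```

Calling audit_remote_id_bindings(SAMPLE_CONFIG) reports the vpnb binding (no route distinguisher) and the vpnc binding (instance never created); the vpna binding passes.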
Updated: 2019-05-29

Document ID: EDOC1000097293