AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
local-id-type

Function

The local-id-type command sets the type of the local ID used in IKE negotiation.

By default, the IP address of the local end is used as the local ID.

Format

local-id-type { dn | ip | key-id | name | user-fqdn }

Parameters

| Parameter | Description | Value |
|---|---|---|
| dn | Uses the distinguished name (DN) as the local ID. | - |
| ip | Uses the IP address of the local end as the local ID. | - |
| key-id | Uses the key-id as the local ID. NOTE: This parameter takes effect only in the Efficient VPN policy view. | - |
| name | Uses the host name of the local end as the local ID. | - |
| user-fqdn | Uses the user domain name as the local ID during IKE negotiation. | - |

Views

IKE peer view, Efficient VPN policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the IKE peer or Efficient VPN policy, the local end checks whether its local ID matches the remote ID of the remote end.

  • When local-id-type dn is used, the local DN is used for IKE negotiation.

    This ID type requires RSA signature authentication: the referenced IKE proposal must specify rsa-signature in its authentication-method command.

  • When local-id-type ip is used, the local IP address is used for IKE negotiation.

    This parameter is often used when the device works in IKEv1 main mode.

  • When local-id-type key-id is used, the local key-id is used for IKE negotiation.

    This parameter is often used when the device using the Efficient VPN policy functions as a remote end to communicate with Cisco devices.

  • When local-id-type name is used, the local name is used for IKE negotiation.

    This parameter is often used when the device works in IKEv1 aggressive mode.

  • When local-id-type user-fqdn is used, the user domain name is used for IKE negotiation.

    This parameter is used when the device sets up an IPSec tunnel with a PC or another device.

    When the user-fqdn parameter is used, it must be the same as the local name specified by the ike local-name command.

Precautions

In IKEv1, the local and remote ID types must be the same.

When IKEv2 is used, pay attention to the following points:

  1. The local and remote ID types can be different, and can be independently specified using commands.
  2. local-id-type at the local end must match peer-id-type at the remote end. In IKEv1, local-id-type at the local end must match local-id-type at the remote end.

Example

# Set the local ID type to the local host name in the IKE peer view.

<Huawei> system-view
[Huawei] ike peer huawei v1
[Huawei-ike-peer-huawei] local-id-type name
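
The pairing rules from the Usage Guidelines and Precautions sections can be checked offline before a change window. The following is an added example, not Huawei code: it audits two ends of a tunnel against the rules stated above. The PeerEnd fields, the view labels "ike-peer" and "efficient-vpn", and the "pre-share" label for a non-RSA method are assumptions made for the example, not device syntax.

```python
from dataclasses import dataclass
from typing import List, Optional

ID_TYPES = {"dn", "ip", "key-id", "name", "user-fqdn"}  # values from the Format line

@dataclass
class PeerEnd:
    label: str
    view: str = "ike-peer"              # or "efficient-vpn"; labels are assumptions
    local_id_type: str = "ip"           # default local ID is the local IP address
    peer_id_type: Optional[str] = None  # None = not configured (IKEv2 check skipped)
    auth_method: str = "pre-share"      # assumed label for any non-RSA method

def check_end(end: PeerEnd) -> List[str]:
    """Per-device rules: dn needs rsa-signature, key-id needs the Efficient VPN view."""
    issues = []
    if end.local_id_type not in ID_TYPES:
        issues.append(f"{end.label}: unknown local-id-type {end.local_id_type!r}")
    if end.local_id_type == "dn" and end.auth_method != "rsa-signature":
        issues.append(f"{end.label}: dn requires authentication-method rsa-signature")
    if end.local_id_type == "key-id" and end.view != "efficient-vpn":
        issues.append(f"{end.label}: key-id takes effect only in the Efficient VPN policy view")
    return issues

def check_pair(ike_version: int, a: PeerEnd, b: PeerEnd) -> List[str]:
    """Cross-device rules from the Precautions section."""
    if ike_version not in (1, 2):
        raise ValueError("ike_version must be 1 or 2")
    issues = check_end(a) + check_end(b)
    if ike_version == 1:
        # IKEv1: both ends must use the same local-id-type.
        if a.local_id_type != b.local_id_type:
            issues.append(f"IKEv1: local-id-type differs ({a.label}={a.local_id_type}, "
                          f"{b.label}={b.local_id_type})")
        return issues
    # IKEv2: each end's local-id-type must match the other end's peer-id-type.
    for me, other in ((a, b), (b, a)):
        if other.peer_id_type is not None and other.peer_id_type != me.local_id_type:
            issues.append(f"IKEv2: {other.label} peer-id-type {other.peer_id_type} does not "
                          f"match {me.label} local-id-type {me.local_id_type}")
    return issues

if __name__ == "__main__":
    # Constructed sample: headquarters and branch ends of one tunnel.
    hq = PeerEnd("hq", local_id_type="dn", peer_id_type="user-fqdn")
    branch = PeerEnd("branch", local_id_type="name", peer_id_type="dn")
    for line in check_pair(2, hq, branch):
        print(line)
```
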
Updated: 2019-05-29

Document ID: EDOC1000097293
