293
Ste
Command
Remarks
1. Enter system view. system-view N/A
2. Create an IKE peer and enter
IKE peer view.
ike peer peer-name N/A
3. Specify the IKE negotiation
mode for phase 1.
exchange-mode main
Optional.
The default is main.
4. Specify the IKE proposals for
the IKE peer to reference.
proposal proposal-number&<1-6>
Optional.
By default, an IKE peer references
no IKE proposals, and, when
initiating IKE negotiation, it uses
the IKE proposals configured in
system view.
5. Configure the pre-shared key
for pre-shared key
authentication.
pre-shared-key [ cipher | simple ]
key
Configure either command
according to the authentication
method for the IKE proposal.
6. Configure the PKI domain for
digital signature
authentication.
certificate domain domain-name
7. Select the ID type for IKE
negotiation phase 1.
id-type { ip | name | user-fqdn }
Optional.
ip by default.
8. Configure the names of the
two ends.
• Specify a name for the local
security gateway:
local-name name
• Configure the name of the
remote security gateway:
remote-name name
Optional.
By default, no name is configured
for the local security gateway in
IKE peer view, and the security
gateway name configured by
using the ike local-name
command is used.
The remote gateway name
configured with remote-name
command on the local gateway
must be identical to the local
name configured with the
local-name command on the
peer.
9. Configure the IP addresses of
the two ends.
• Specify an IP address for the
local gateway:
local-address ip-address
• Configure the IP addresses of the
remote gateway:
remote-address { hostname
[ dynamic ] | low-ip-address
[ high-ip-address ] }
Optional.
By default, it is the primary IP
address of the interface
referencing the security policy.
The remote IP address configured
with the remote-address
command on the local gateway
must be identical to the local IP
address configured with the
local-address command on the
peer.
10. Enable the NAT traversal
function for IPsec/IKE.
nat traversal
Optional.
Disabled by default.
To Next Page
Loading...
