4. Specify the IKE proposals for the IKE peer to reference.
   Command: proposal proposal-number&<1-6>
   Remarks: Optional. By default, an IKE peer references no IKE proposals, and, when initiating IKE negotiation, it uses the IKE proposals configured in system view. If the IKE negotiation mode in phase 1 is aggressive, only the first IKE proposal specified for the IKE peer takes effect.

5. Configure a pre-shared key for pre-shared key authentication or specify a PKI domain for digital signature authentication.
   Command:
   • To configure a pre-shared key: pre-shared-key [ cipher | simple ] key
   • To specify a PKI domain: certificate domain domain-name
   Remarks: Configure either command according to the authentication method for the IKE proposal. In FIPS mode, the key must contain at least eight characters comprising digits, uppercase and lowercase letters, and special characters.

6. Select the ID type for IKE negotiation phase 1.
   Command: id-type { ip | name | user-fqdn }
   Remarks: Optional. By default, the ID type is IP.

7. Configure a name for the local security gateway.
   Command: local-name name
   Remarks: Optional. By default, no name is configured for the local security gateway in IKE peer view, and the security gateway name configured by using the ike local-name command is used.

8. Specify the name of the remote security gateway.
   Command: remote-name name
   Remarks: Optional. The remote gateway name configured with the remote-name command on the local gateway must be identical to the local name configured with the local-name command on the peer.

9. Configure an IP address for the local gateway.
   Command: local-address ip-address
   Remarks: Optional. By default, it is the primary IP address of the interface referencing the security policy.

10. Specify the IP addresses of the remote gateway.
   Command: remote-address { hostname [ dynamic ] | low-ip-address [ high-ip-address ] }
   Remarks: Optional. The remote IP address configured with the remote-address command on the local gateway must be identical to the local IP address configured with the local-address command on the peer.

11. Enable the NAT traversal function for IPsec/IKE.
   Command: nat traversal
   Remarks: Optional. Required when a NAT gateway is present in the VPN tunnel constructed by IPsec/IKE. Disabled by default.
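The remarks for steps 4, 5, 8 and 10 describe constraints that span both gateways. The following added example (not part of the original guide or the vendor's software) checks two sets of IKE peer settings against each other before deployment. The gateway names, addresses, function names, and the reading of "special characters" as ASCII punctuation are assumptions.

```python
import ipaddress
import string

def parse_peer(text):
    """Turn IKE peer view lines into {first_word: [remaining words]}."""
    cfg = {}
    for line in text.splitlines():
        words = line.split()
        if words:
            cfg[words[0]] = words[1:]
    return cfg

def fips_key_ok(key):
    """Step 5, FIPS mode: >= 8 chars with digits, upper, lower and special.
    Assumption: 'special characters' means ASCII punctuation."""
    classes = (string.digits, string.ascii_uppercase,
               string.ascii_lowercase, string.punctuation)
    return len(key) >= 8 and all(any(c in cls for c in key) for cls in classes)

def check_pair(a, b, aggressive=False):
    """Check both gateways' peer settings against each other; return findings."""
    findings = []
    for side, here, there in (("A", a, b), ("B", b, a)):
        rn, ln = here.get("remote-name"), there.get("local-name")
        if rn and ln and rn != ln:  # step 8: names must be identical
            findings.append(f"{side}: remote-name {rn[0]} != peer local-name {ln[0]}")
        ra, la = here.get("remote-address"), there.get("local-address")
        if ra and la:  # step 10; assumption: a low/high range matches if it contains the address
            try:
                low = ipaddress.ip_address(ra[0])
                high = ipaddress.ip_address(ra[1]) if len(ra) > 1 else low
                if not low <= ipaddress.ip_address(la[0]) <= high:
                    findings.append(f"{side}: peer local-address {la[0]} outside remote-address")
            except (ValueError, TypeError):
                pass  # hostname form of remote-address: not checked here
        if aggressive and len(here.get("proposal", [])) > 1:  # step 4
            findings.append(f"{side}: aggressive mode uses only proposal {here['proposal'][0]}")
    return findings

# Constructed sample settings (documentation addresses, hypothetical names).
GW_A = parse_peer("""proposal 10 20
local-name hq-gw
remote-name branch-gw
local-address 198.51.100.1
remote-address 203.0.113.10""")
GW_B = parse_peer("""proposal 10
local-name branch1-gw
remote-name hq-gw
local-address 203.0.113.10
remote-address 198.51.100.1""")
FINDINGS = check_pair(GW_A, GW_B, aggressive=True)
```

Settings left at their defaults (for example, a local name taken from ike local-name in system view, or a local address taken from the interface) are absent from the parsed input and are skipped rather than guessed.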