• If no IKEv2 policy is configured, IKEv2 uses the system predefined IKEv2 policy default.
You can configure multiple IKEv2 policies. A policy configured earlier has a higher priority.
To configure an IKEv2 policy:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create an IKEv2 policy and enter IKEv2 policy view. | ikev2 policy policy-name | By default, the device has a system predefined IKEv2 policy named default. This policy uses the default IKEv2 proposal and matches any local address. |
| 3. Specify the IKEv2 proposals. | proposal proposal-name&<1-6> | By default, a non-system predefined IKEv2 policy references no IKEv2 proposal. A proposal specified earlier has a higher priority. |
| 4. Specify the local address used for IKEv2 policy matching. | match address local { ipv4-address \| ipv6 ipv6-address } | Optional. By default, no local address is used for IKEv2 policy matching, and the policy matches any local address. An IKEv2 policy might have multiple local IP addresses for policy matching. |
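
The script below is an added example, not part of the original guide or the vendor's tooling. It audits a constructed configuration excerpt built only from the commands in the table above and reports policies that reference no IKEv2 proposal or that match any local address. The stanza layout (indented sub-commands, "#" separators), the policy and proposal names, and the idea that file order equals configuration order are assumptions.

```python
import re

# Constructed sample. Assumed layout: one top-level "ikev2 policy" line,
# indented sub-commands, "#" between stanzas. All names are hypothetical.
SAMPLE_CONFIG = """\
#
ikev2 policy branch-a
 proposal prop-aes prop-legacy
 match address local 192.0.2.1
 match address local ipv6 2001:db8::1
#
ikev2 policy branch-b
#
ikev2 policy catch-all
 proposal prop-aes
#
"""

def parse_policies(text):
    """Return policies in file order (assumed to be configuration order)."""
    policies, current = [], None
    for line in text.splitlines():
        m = re.match(r"ikev2 policy (\S+)\s*$", line)
        if m:
            current = {"name": m.group(1), "proposals": [], "local": []}
            policies.append(current)
        elif current is not None and line[:1] == " " and line.strip():
            words = line.split()
            if words[0] == "proposal":
                current["proposals"] += words[1:]  # earlier name = higher priority
            elif words[:3] == ["match", "address", "local"]:
                current["local"].append(words[-1])  # IPv4 or IPv6 address
        else:
            current = None  # "#" or another top-level command ends the stanza
    return policies

def audit(policies):
    """Return (position, policy name, finding) tuples for review."""
    findings = []
    for pos, p in enumerate(policies, start=1):
        if not p["proposals"]:
            findings.append((pos, p["name"], "references no IKEv2 proposal"))
        if not p["local"]:
            findings.append((pos, p["name"], "matches any local address"))
    return findings

if __name__ == "__main__":
    for pos, name, finding in audit(parse_policies(SAMPLE_CONFIG)):
        print(f"position {pos}: policy {name}: {finding}")
```
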
Configuring an IKEv2 keyring
An IKEv2 keyring specifies the pre-shared keys used for IKEv2 negotiation. An IKEv2 keyring might
have multiple peers. Each peer has a symmetric or asymmetric pre-shared key, and an argument for
identifying the peer (such as the peer's host name, IP address or address range, or ID). An IKEv2
negotiation initiator uses the peer host name, IP address, or address range as the matching
criterion to search for a peer. A responder uses the peer host IP address, address range, or ID as the
matching criterion to search for a peer.
To configure an IKEv2 keyring:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create an IKEv2 keyring and enter IKEv2 keyring view. | ikev2 keyring keyring-name | By default, no IKEv2 keyring exists. |
| 3. Create an IKEv2 peer and enter IKEv2 peer view. | peer peer-name | By default, no IKEv2 peer exists. |