78
If the local end uses RSA, DSA, or ECDSA signature authentication, you must specify a PKI domain
for signature generation. If the remote end uses RSA, DSA, or ECDSA signature authentication, you
must specify a PKI domain for verifying the remote end's certificate. If you do not specify PKI
domains, the PKI domains configured in system view will be used.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Specify the PKI domain abc for signature. Specify the PKI domain def for verification.
[Sysname-ikev2-profile-profile1] certificate domain abc sign
[Sysname-ikev2-profile-profile1] certificate domain def verify
Related commands
authentication-method
pki domain
New command: config-exchange
Use config-exchange to enable the configuration exchange feature.
Use undo config-exchange to disable the configuration exchange feature.
Syntax
config-exchange { request | set { accept | send } }
undo config-exchange { request | set { accept | send } }
Default
Configuration exchange is disabled.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
request: Enables the device to send request messages carrying the configuration request payload
during the IKE_AUTH exchange.
set: Specifies the configuration set payload exchange.
accept: Enables the device to accept the configuration set payload carried in Info messages.
send: Enables the device to send Info messages carrying the configuration set payload.
To Next Page
Loading...
