EasyManuals Logo

HPE MSR1000 User Manual

HPE MSR1000
371 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #217 background imageLoading...
Page #217 background image
111
•
fqdn fqdn-name: Uses the peer's FQDN as the peer ID for IKEv2 profile matching. The
fqdn-name argument is a case-sensitive string of 1 to 255 characters, such as www.test.com.
•
email email-string: Uses peer's email address as the peer ID for IKEv2 profile matching. The
email-string argument is a case-sensitive string of 1 to 255 characters in the format defined by
RFC 822, such as sec@abc.com.
•
key-id key-id-string: Uses the peer's key ID as the peer ID for IKEv2 profile matching. The
key-id-string argument is a case-sensitive string of 1 to 255 characters, and is usually a
vendor-specific string for doing proprietary types of identification.
Usage guidelines
The device compares the received peer ID with the peer IDs configured in local IKEv2 profiles. If a
match is found, it uses the IKEv2 profile with the matching peer ID for IKEv2 negotiation. If you have
configured the match local address and match vrf commands, the IKEv2 profile must also match
the specified local interface or address and the specified VPN instance.
To make sure only one IKEv2 profile is matched for a peer, do not configure the same peer ID for two
or more IKEv2 profiles. If you configure the same peer ID for two or more IKEv2 profiles, which IKEv2
profile is selected for IKEv2 negotiation is unpredictable.
You can configure an IKEv2 profile to match multiple peer IDs. A peer ID configured earlier has a
higher priority.
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Configure the IKEv2 profile to match the peer ID that is the FQDN name www.test.com.
[Sysname-ikev2-profile-profile1] match remote identity fqdn www.test.com
# Configure the IKEv2 profile to match the peer ID that is the IP address 10.1.1.1.
[Sysname-ikev2-profile-profile1]match remote identity address 10.1.1.1
Related commands
•
identity local
•
match local address
•
match vrf
New command: match vrf (IKEv2 policy view)
Use match vrf to specify a VPN instance that an IKEv2 policy matches.
Use undo match vrf to restore the default.
Syntax
match vrf { name vrf-name | any }
undo match vrf

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE MSR1000 and is the answer not in the manual?

HPE MSR1000 Specifications

General IconGeneral
BrandHPE
ModelMSR1000
CategoryNetwork Router
LanguageEnglish

Related product manuals