HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 274
remote-address, obtains the latest IP address of the host.
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 274 highlights
[Sysname] ipsec policy policy1 100 manual [Sysname-ipsec-policy-manual-policy1-100] qos pre-classify remote-address Use remote-address to configure the remote IP address for the IPsec tunnel. Use undo remote-address to restore the default. Syntax remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address } undo remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address } Default No remote IP address is specified for the IPsec tunnel. Views IPsec policy view, IPsec policy template view Predefined user roles network-admin Parameters ipv6: Specifies a remote IPv6 address. Without this keyword, you specify an IPv4 address or host name. hostname: Specifies the remote host name, a case-sensitive string of 1 to 255 characters. The host name can be resolved to an IP address by the DNS server. ipv4-address: Specifies a remote IPv4 address. ipv6-address: Specifies a remote IPv6 address. Usage guidelines This remote IP address configuration is required on the IKE negotiation initiator and optional on the responder. A manual IPsec policy does not support DNS. Therefore, you must specify a remote IP address rather than a remote host name for the manual IPsec policy. If you configure a remote host name, the following scenarios apply: • If the host name is resolved by the DNS server, the local end sends a request to the DNS server to obtain the latest IP address corresponding to the host name when the domain name resolution period expires. The resolution period is defined by the DNS server and restarts after the local end obtains the latest IP address of the host. • If the host name is resolved by the ip host command and you change the IP address of the remote host, you must reconfigure the remote host name in the IPsec policy or IPsec policy template by using the remote-address command. Otherwise, the local end cannot obtain the latest IP address of the remote host. For example, the local end has a static domain name resolution entry, which maps the host name test to the IP address 1.1.1.1. Configure the following commands: # Configure the remote host name to test for the IPsec tunnel in the IPsec policy policy1. [Sysname] ipsec policy policy1 1 isakmp [Sysname-ipsec-policy-isakmp-policy1-1] remote-address test 265