HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 303
ike signature-identity from-certificate
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 303 highlights
Parameters proposal-number: Specifies an IKE proposal number in the range of 1 to 65535. The lower the number, the higher the priority of the IKE proposal. Usage guidelines During IKE negotiation: • The initiator sends its IKE proposals to the peer. { If the initiator is using an IPsec with an IKE profile, the initiator sends all IKE proposals referenced by the IKE profile to the peer. An IKE proposal specified earlier for the IKE profile has a higher priority. { If the initiator is using an IPsec with no IKE profile, the initiator sends all its IKE proposals to the peer. An IKE proposal with a smaller number has a higher priority. • The peer searches its own IKE proposals for a match. The search starts from the IKE proposal with the highest priority and proceeds in the descending order of priority until a match is found. The matching IKE proposals are used to establish the IKE SA. If all user-defined IKE proposals are found mismatching, the two peers use their default IKE proposals to establish the IKE SA. Examples # Create IKE proposal 1 and enter its view. system-view [Sysname] ike proposal 1 [Sysname-ike-proposal-1] Related commands display ike proposal ike signature-identity from-certificate Use ike signature-identity from-certificate to configure the local device to always obtain the identity information from the local certificate for signature authentication. Use undo ike signature-identity from-certificate to restore the default. Syntax ike signature-identity from-certificate undo ike signature-identity from-certificate Default The local end uses the identity information specified by local-identity or ike identity for signature authentication. Views System view Predefined user roles network-admin Usage guidelines Configure the command on the local device that initiates aggressive IKE SA negotiations that use signature authentication for compatibility with the peer device running a Comware V5-based release. Such release supports only DN for signature authentication. 294