HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 308
match remote, Parameters, Usage guidelines, Examples, Syntax, Default
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 308 highlights
Parameters interface-type interface-number: Specifies a local interface. It can be any Layer 3 interface. ipv4-address: Specifies the IPv4 address of a local interface. ipv6 ipv6-address: Specifies the IPv6 address of a local interface. vpn-instance vpn-name: Specifies the MPLS L3VPN to which the IPv4 or IPv6 address belongs. The vpn-name argument is a case-sensitive string of 1 to 31 characters. To specify an IP address on the public network, do not specify this option. Usage guidelines Use this command to specify which address or interface can use the IKE profile for IKE negotiation. Specify the local address configured in IPsec policy or IPsec policy template view (using the local-address command) for this command. If no local address is configured, specify the IP address of the interface referencing the IPsec policy. An IKE profile configured earlier has a higher priority. To give an IKE profile that is configured later a higher priority, you can configure this command for the profile. For example, suppose you configured IKE profile A before configuring IKE profile B, and you configured the match remote identity address range 2.2.2.1 2.2.2.100 command for IKE profile A and the match remote identity address range 2.2.2.1 2.2.2.10 command for IKE profile B. For peer 2.2.2.2, IKE profile A is preferred because IKE profile A was configured earlier. To use IKE profile B for the peer, you can use this command to restrict the application scope of IKE profile B to address 2.2.2.2. Examples # Create IKE profile prof1. system-view [Sysname] ike profile prof1 # Specify that IKE profile prof1 be applied only to the interface with the IP address 2.2.2.2 in VPN vpn1. [sysname-ike-profile-prof1] match local address 2.2.2.2 vpn-instance vpn1 match remote Use match remote to configure a peer ID. Use undo match remote to delete a peer ID. Syntax match remote { certificate policy-name | identity { address { { ipv4-address [ mask | mask-length ] | range low-ipv4-address high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range low-ipv6-address high-ipv6-address } } [ vpn-instance vpn-name ] | fqdn fqdn-name | user-fqdn user-fqdn-name } } undo match remote { certificate policy-name | identity { address { { ipv4-address [ mask | mask-length ] | range low-ipv4-address high-ipv4-address } | ipv6 { ipv6-address [ prefix-length ] | range low-ipv6-address high-ipv6-address } } [ vpn-instance vpn-name ] | fqdn fqdn-name | user-fqdn user-fqdn-name } } Default No peer ID is configured. 299