beautypg.com

H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 387

background image

373

To configure an IKE peer:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an IKE peer and
enter IKE peer view.

ike peer peer-name N/A

3.

Specify the IKE negotiation

mode for phase 1.

exchange-mode { aggressive | main }

Optional.
main by default

4.

Specify the IKE proposals for

the IKE peer to reference.

proposal proposal-number&<1-6>

Optional.
By default, an IKE peer references
no IKE proposals, and, when

initiating IKE negotiation, it uses
the IKE proposals configured in

system view.

5.

Configure the pre-shared
key for pre-shared key

authentication

pre-shared-key [ cipher | simple ] key

Configure either command
according to the authentication

method for the IKE proposal

6.

Configure the PKI domain
for digital signature

authentication.

certificate domain domain-name

7.

Select the ID type for IKE
negotiation phase 1.

id-type { ip | name | user-fqdn }

Optional.
ip by default

8.

Specify a name for the local
security gateway.

local-name name

Optional.
By default, no name is configured
for the local security gateway in

IKE peer view, and the security

gateway name configured by

using the ike local-name
command is used.

9.

Specify the name of the

remote security gateway.

remote-name name.

Optional.
The remote gateway name
configured with remote-name

command on the local gateway

must be identical to the local
name configured with the

local-name command on the

peer.

10.

Specify an IP address for the
local gateway.

local-address ip-address

Optional.
By default, the local gateway IP

address is the primary IP address
of the interface referencing the

security policy.