authentication-method

Function

The authentication-method command specifies the authentication method used in IKE negotiation.

The undo authentication-method command restores the default authentication method.

By default, pre-shared key authentication is used in IKE negotiation.

Format

authentication-method { pre-share | rsa-signature | digital-envelope [ version 2.0 ] }

undo authentication-method

Parameters

Parameter	Description	Value
pre-share	Uses pre-shared key authentication.	-
rsa-signature	Uses RSA signature authentication.	-
digital-envelope	Uses RSA digital envelope authentication. It applies only to the IKEv1 main mode. IPSec 6 does not support RSA digital envelope authentication.	-
version 2.0	Uses SM2 digital envelope authentication.	-

Views

IKE proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Identity authentication is a protection mechanism that ensures secure data transmission on an insecure network. This command configures an identity authentication method.

Precautions

The authentication methods in the IKE proposals used by the IKE peer must be the same. Otherwise, IKE negotiation fails.

Follow-up Procedure

If pre-share is specified, run the pre-shared-key command to specify an authentication key.
If rsa-signature is specified, configure a local certificate.
If digital-envelope is specified, the authentication method is RSA digital envelope. To obtain the RSA public key of the remote peer, you can specify the address of the remote peer using the address command in the Rsa-public-key view or specify the certificate of the remote peer using the certificate peer-filename command.
If digital-envelope version 2.0 is specified, the authentication method is SM2 digital envelope. Configure the encryption domain and signature domain on the IKE peer.

Example

# Configure pre-shared key authentication in IKE proposal 10.

<sysname> system-view
[sysname] ike proposal 10
[sysname-ike-proposal-10] authentication-method pre-share