
id-type

Function

The id-type command configures the type and value of the remote ID by which an IKE user in an IKE user table is identified.

The undo id-type command deletes the IKE user ID type and ID.

By default, the IKE user ID type and ID are not configured.

Format

id-type { any any-id | esn esn-number | fqdn remote-fqdn | ip { ipv4-address | ipv6-address } | user-fqdn remote-user-fqdn }

undo id-type

Parameters

Parameter: any any-id
Description: The remote ID type of the IKE peer can be any type; any-id is the remote ID value that must match.
Value: A string of 1 to 255 case-sensitive characters without question marks (?).

Parameter: esn esn-number
Description: Uses the equipment serial number (ESN) as the remote ID of the IKE peer; esn-number is the expected ESN.
Value: A string of 1 to 255 case-sensitive characters without question marks (?).

Parameter: fqdn remote-fqdn
Description: Uses a fully qualified domain name (FQDN) as the remote ID of the IKE peer; remote-fqdn is the expected name.
Value: A string of 1 to 255 case-sensitive characters without question marks (?).

Parameter: ip ipv4-address
Description: Uses an IPv4 address as the remote ID of the IKE peer.
Value: Dotted decimal notation.

Parameter: ip ipv6-address
Description: Uses an IPv6 address as the remote ID of the IKE peer.
Value: Colon-separated hexadecimal notation.

Parameter: user-fqdn remote-user-fqdn
Description: Uses a user FQDN (a user name at a domain, for example user@example.com) as the remote ID of the IKE peer; remote-user-fqdn is the expected value.
Value: A string of 1 to 255 case-sensitive characters without question marks (?).

Views

IKE user view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a point-to-multipoint scenario, the device functions as the VPN gateway of the headquarters, an IPSec policy is created using an IPSec policy template, and the VPN gateway receives IPSec connection setup requests from different branches. When pre-shared key authentication is used and all branches share the same ID and pre-shared key, a single leak compromises every branch: an attacker holding one branch's ID and key can authenticate as any branch. To prevent this, run the id-type and pre-shared-key commands in the view of each IKE user in the IKE user table, so that every branch has its own ID and key.

An IKE user table records the mapping between remote IDs of IKE peers and pre-shared keys. After an IKE peer references an IKE user table, the device searches for the pre-shared key matching the remote ID of the IKE peer in the IKE user table to complete identity authentication during IKE negotiation. In this manner, branches use different IDs and pre-shared keys.

Precautions

  • After an IKE peer references an IKE user table, the device uses the ID configured by this command as the lookup key for per-user resources; in particular, the pre-shared key is selected by matching the remote ID against the configured ID.

  • When IKEv1 main mode with pre-shared key authentication is used, id-type must be set to ip. In main mode the peer's ID payload arrives encrypted, so the responder must already have chosen the pre-shared key before it sees the ID; the only identifier available at that point is the source IP address of the IKE packets. In NAT traversal scenarios, set ipv4-address to the address as it appears after NAT, that is, the source address the headquarters gateway actually receives, not the branch's private address.
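The following Python model, added here as an illustration and not Huawei's code, shows the lookup described in the usage guidelines (remote ID to pre-shared key) and why IKEv1 main mode can only match an ip-type entry. Class and function names, the branch entries, addresses and keys are all constructed for the example; the behaviour of a real gateway is only approximated.

```python
"""Model of how an IKE responder selects a pre-shared key from an IKE user table.

Constructed example (not vendor code). It mirrors the page's description:
each IKE user carries an ID type, an ID value and a pre-shared key, and the
responder picks the key by matching the peer's remote ID.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

STRING_ID_TYPES = {"any", "esn", "fqdn", "user-fqdn"}


@dataclass(frozen=True)
class IkeUser:
    name: str
    id_type: str      # "any" | "esn" | "fqdn" | "ip" | "user-fqdn"
    id_value: str
    psk: bytes


class IkeUserTable:
    """Maps (id_type, id_value) of a remote IKE peer to its pre-shared key."""

    def __init__(self, users: Iterable[IkeUser]):
        self.users = list(users)
        for u in self.users:
            # The page limits string IDs to 1..255 characters without '?'.
            if u.id_type in STRING_ID_TYPES and (
                not 1 <= len(u.id_value) <= 255 or "?" in u.id_value
            ):
                raise ValueError(f"invalid ID for user {u.name}")

    def match(self, peer_id_type: str, peer_id_value: str) -> Optional[IkeUser]:
        for u in self.users:
            # An 'any' entry accepts whatever type the peer sends, value must match.
            if u.id_type == "any" and u.id_value == peer_id_value:
                return u
            if u.id_type == peer_id_type and u.id_value == peer_id_value:
                return u
        return None


def select_psk(table: IkeUserTable, version: int, mode: Optional[str],
               peer_addr: str,
               peer_id: Optional[Tuple[str, str]] = None) -> Optional[Tuple[str, bytes]]:
    """Return (user name, psk) for an incoming IKE request, or None.

    peer_addr: source address of the IKE packets as seen by the gateway,
               i.e. the post-NAT address when the branch sits behind NAT.
    peer_id:   (id_type, value) from the peer's ID payload, or None when the
               key is needed before any ID payload has been received.
    """
    if version == 1 and mode == "main":
        # IKEv1 main mode: the ID payload arrives encrypted in messages 5/6,
        # but SKEYID = prf(psk, Ni|Nr) is needed to decrypt them. The responder
        # therefore has to choose the key from the packet source address alone,
        # which is why id-type must be 'ip' here.
        user = table.match("ip", peer_addr)
    else:
        # IKEv1 aggressive mode and IKEv2 deliver the ID before the PSK is used.
        if peer_id is None:
            return None
        user = table.match(*peer_id)
    return (user.name, user.psk) if user else None


def build_sample_table() -> IkeUserTable:
    """Constructed table: one entry per branch, each with its own key."""
    return IkeUserTable([
        IkeUser("branch1", "ip", "203.0.113.10", b"branch1-secret"),
        IkeUser("branch2", "fqdn", "branch2.example.com", b"branch2-secret"),
        IkeUser("branch3", "any", "branch3", b"branch3-secret"),
    ])


if __name__ == "__main__":
    t = build_sample_table()
    print(select_psk(t, 1, "main", "203.0.113.10"))
    print(select_psk(t, 1, "main", "203.0.113.20", ("fqdn", "branch2.example.com")))
    print(select_psk(t, 2, None, "203.0.113.20", ("fqdn", "branch2.example.com")))
```

The second lookup in the demo fails on purpose: branch2 is configured with an fqdn ID, so a main-mode request from it cannot be matched, exactly the situation the precaution above warns about. Compromise of branch1's key does not affect the other entries, which is the point of giving each branch its own ID and key.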

Example

# Configure the IKE user ID type and ID.

<sysname> system-view
[sysname] ike user-table 10
[sysname-ike-user-table-10] user user1
[sysname-ike-user-table-10-user1] id-type ip 1.1.1.1
Copyright © Huawei Technologies Co., Ltd.