The ike user-table command creates an IKE user table and displays the IKE user table view, or directly displays the view of an existing IKE user table.
The undo ike user-table command deletes an IKE user table.
By default, no IKE user table is configured.
| Parameter | Description | Value |
|---|---|---|
| user-table-id | Specifies the ID of an IKE user table. | The value is an integer that ranges from 1 to 1024. |
Usage Scenario
In a point-to-multipoint scenario, the device functions as the VPN gateway of the headquarters, an IPSec policy is created using an IPSec policy template, and the VPN gateway receives IPSec connection setup requests from different branches. Some parameters of the IKE peer that connects to the branch gateways (for example, the pre-shared key, IP address, DNS server address, and VPN instance) are configured on the headquarters gateway and are shared by all branches. As a result, the services of different branches cannot be distinguished, and security risks arise: when the pre-shared key is used for identity authentication and all branches use the same ID and pre-shared key, a leak of the ID and pre-shared key of one branch means that the ID and pre-shared key of all branches have leaked.
You are advised to configure an IKE user table to prevent this problem. The IKE user table records the mapping between the remote IDs of IKE peers and their other parameters. After an IKE peer references the IKE user table, the device searches the table for the parameters that match the remote ID of the IKE peer during IKE negotiation, so each branch obtains its own parameters and the services of different branches are distinguished.
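The following Python model, added here as an illustration and not the device's implementation, shows why the shared-parameter setup is risky and what the user-table lookup changes: parameters are selected by remote ID during negotiation, and the blast radius of one leaked pre-shared key shrinks from every branch to the one branch that owns it. The class and function names, the sample branch IDs and keys, the decision to reject an unknown remote ID when a table is referenced, and the ID range check are assumptions of this model; only the user-table-id range (1 to 1024) and the rule that a referenced table cannot be deleted come from the page.

```python
"""Model of how an IKE user table changes parameter selection during IKE
negotiation. Constructed illustration, not the device's implementation."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class PeerParams:
    """The per-branch parameters the page lists as otherwise shared by all branches."""
    pre_shared_key: str
    ip_address: str
    dns_server: str
    vpn_instance: str


@dataclass
class IkeUserTable:
    """Maps the remote ID of an IKE peer to its parameters (user-table-id: 1..1024)."""
    table_id: int
    entries: Dict[str, PeerParams] = field(default_factory=dict)

    def __post_init__(self) -> None:
        if not 1 <= self.table_id <= 1024:
            raise ValueError("user-table-id must be an integer from 1 to 1024")

    def lookup(self, remote_id: str) -> Optional[PeerParams]:
        return self.entries.get(remote_id)


@dataclass
class IkePeer:
    """An IKE peer on the headquarters gateway, with or without a referenced table."""
    name: str
    default_params: PeerParams                 # parameters configured in the IKE peer view
    user_table: Optional[IkeUserTable] = None  # set by 'user-table' in the IKE peer view


def select_params(peer: IkePeer, remote_id: str) -> Optional[PeerParams]:
    """Parameter selection during negotiation: the table entry for the remote ID
    if a table is referenced, otherwise the parameters shared by every branch.
    Returning None (rejecting an unknown remote ID) is an assumption of this model."""
    if peer.user_table is not None:
        return peer.user_table.lookup(remote_id)
    return peer.default_params


def authenticate(peer: IkePeer, remote_id: str, presented_key: str) -> bool:
    """Pre-shared-key identity check against whatever parameters were selected."""
    params = select_params(peer, remote_id)
    if params is None:
        return False
    return hmac.compare_digest(params.pre_shared_key.encode(), presented_key.encode())


def blast_radius(peer: IkePeer, leaked_remote_id: str, all_remote_ids: List[str]) -> List[str]:
    """Branches whose identity the key of one leaked branch also authenticates as."""
    leaked = select_params(peer, leaked_remote_id)
    if leaked is None:
        return []
    return [rid for rid in all_remote_ids if authenticate(peer, rid, leaked.pre_shared_key)]


def delete_user_table(tables: Dict[int, IkeUserTable], peers: List[IkePeer], table_id: int) -> None:
    """'undo ike user-table': refused while any IKE peer references the table."""
    if any(p.user_table is not None and p.user_table.table_id == table_id for p in peers):
        raise RuntimeError(f"IKE user table {table_id} is referenced by an IKE peer and cannot be deleted")
    tables.pop(table_id)


# Constructed sample data: three branches; keys are placeholders for the model only.
BRANCH_IDS = ["branch-a.example", "branch-b.example", "branch-c.example"]
SHARED = PeerParams("shared-psk", "10.0.0.0", "10.0.0.53", "vpn-all")

# Weak setup: every branch authenticates with the same ID-independent parameters.
shared_peer = IkePeer("hq-shared", SHARED)

# Corrected setup: one table entry per remote ID, referenced by the IKE peer.
TABLE = IkeUserTable(1, {
    rid: PeerParams(f"psk-{rid}", f"10.{i}.0.0", f"10.{i}.0.53", f"vpn-{rid.split('.')[0]}")
    for i, rid in enumerate(BRANCH_IDS, start=1)
})
table_peer = IkePeer("hq-table", SHARED, user_table=TABLE)

if __name__ == "__main__":
    print(blast_radius(shared_peer, "branch-a.example", BRANCH_IDS))  # all three branches
    print(blast_radius(table_peer, "branch-a.example", BRANCH_IDS))   # only branch-a
```

With the shared peer, the key of branch-a authenticates as every branch; with the table-backed peer it authenticates only as branch-a, and each branch is also handed its own VPN instance and DNS server, which is what lets the headquarters gateway keep branch services apart.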
Follow-up Procedure
Run the user-table command in the IKE peer view to reference the IKE user table.
Precautions
The IKE user table that has been referenced by an IKE peer cannot be deleted.