< Home

ikev2-redirect-group

Function

The ikev2-redirect-group command specifies a load balancing group used by an IKE peer.

The undo ikev2-redirect-group command deletes the load balancing group used by an IKE peer.

By default, no load balancing group is bound to an IKE peer.

Format

ikev2-redirect-group group-name { auth | init }

undo ikev2-redirect-group

Parameters

Parameter Description Value
group-name Specifies the name of a load balancing group. The value must be the name of an existing load balancing group.
auth Indicates redirection for IKEv2 authentication. -
init Indicates redirection for IKEv2 initialization. -

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When many branches are connected to the headquarters, for example, many LTE base stations in LTE scenarios, deploying one IPSec gateway in the headquarters cannot meet requirements. Generally, multiple IPSec gateways are deployed in the headquarters and one virtual IP address is provided to improve the network reliability. IKEv2 redirection enables the network to select a gateway based on the load, thereby improving the IPSec gateway use efficiency.

Precautions

IKEv2 redirection cannot be used in IPSec multi-instance scenarios or scenarios where IPSec tunnels are established based on a tunnel interface or tunnel template interface.

IPSec IPv6 does not support IKEv2 redirection.

Example

# Bind the load balancing group group1 to the IKE peer mypeer, and configure the system to perform redirection during IKEv2 authentication.

<sysname> system-view
[sysname] ike peer mypeer
[sysname-ike-peer-mypeer] version 2
[sysname-ike-peer-mypeer] ikev2-redirect-group group1 auth
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >