local-id-reflect enable

Function

The local-id-reflect enable command enables the responder to use the remote ID carried in the IKE packets sent by the initiator as its own local ID during IKEv2 negotiation.

The undo local-id-reflect enable command disables this function, so that the responder no longer uses the remote ID carried in the IKE packets sent by the initiator as its own local ID during IKEv2 negotiation.

By default, during IKEv2 negotiation, the responder uses the remote ID carried in the IKE packets sent by the initiator as its own local ID.

Format

local-id-reflect enable

undo local-id-reflect enable

Parameters

None

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During IKEv2 negotiation, if the user does not know the remote ID configured for the initiator, run the local-id-reflect enable command on the responder. When the responder receives an IKE packet from the initiator, the responder uses the IDr payload (remote ID) in the received packet as its local ID. If the responder does not obtain the IDr payload, it obtains its local ID based on the local configuration.

Precautions

This command is not supported when IKEv2 uses a digital envelope for authentication during certificate negotiation.

When both the local-id-reflect enable and local-id-preference certificate enable commands are configured, the local-id-reflect enable command takes effect.

Currently, the ID type can only be IP address, ESN, FQDN, or User-FQDN.
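
The selection rule described under Usage Scenario and the ID type restriction above can be modeled as follows. This is an added example, not Huawei code: the function names are hypothetical, the ID type numbers come from RFC 7296 section 3.5, "IP address" is taken to cover both IPv4 and IPv6, ESN is omitted because the page does not give its on-wire type, and falling back to the configured ID for an unsupported type is an assumption.

```python
import ipaddress

# ID Type values from RFC 7296, section 3.5. ESN is vendor-specific and its
# on-wire type is not given on the page, so it is left out of this model.
ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, ID_IPV6_ADDR = 1, 2, 3, 5
REFLECTABLE = {ID_IPV4_ADDR: "ip", ID_IPV6_ADDR: "ip",
               ID_FQDN: "fqdn", ID_RFC822_ADDR: "user-fqdn"}


def parse_id_payload(body: bytes):
    """Split an IDi/IDr payload body (the part after the generic payload
    header) into (id_type, data): 1 byte type, 3 reserved bytes, then data."""
    if len(body) < 5:
        raise ValueError("ID payload too short")
    return body[0], body[4:]


def decode_id(id_type: int, data: bytes) -> str:
    """Render identification data as text, rejecting malformed values."""
    if id_type in (ID_IPV4_ADDR, ID_IPV6_ADDR):
        if len(data) != (4 if id_type == ID_IPV4_ADDR else 16):
            raise ValueError("wrong address length for ID type")
        return str(ipaddress.ip_address(data))
    text = data.decode("ascii")          # FQDN / User-FQDN are ASCII strings
    if not text.isprintable():
        raise ValueError("non-printable characters in ID")
    return text


def choose_local_id(idr_body, configured):
    """Return (kind, value, source) for the responder's local ID.

    idr_body   -- IDr payload body from the initiator, or None if absent
    configured -- (kind, value) taken from the local configuration
    """
    if idr_body is None:                 # no IDr received: use local config
        return (*configured, "configured")
    id_type, data = parse_id_payload(idr_body)
    if id_type not in REFLECTABLE:       # assumption: unsupported type falls back
        return (*configured, "configured")
    return (REFLECTABLE[id_type], decode_id(id_type, data), "reflected")


if __name__ == "__main__":
    # Constructed sample: IDr of type FQDN carrying "gw.example.net"
    sample = bytes([ID_FQDN, 0, 0, 0]) + b"gw.example.net"
    print(choose_local_id(sample, ("ip", "192.0.2.1")))
```

The third element of the result records whether the local ID was reflected from the initiator or taken from configuration, which is the distinction to log when auditing negotiations on a responder with this command enabled.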

Example

# Enable the responder to use the remote ID carried in the IKE packets sent by the initiator as its own local ID during IKEv2 negotiation.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] local-id-reflect enable
Copyright © Huawei Technologies Co., Ltd.