< Home

pre-shared-key (IKE peer view)

Function

The pre-shared-key command configures the pre-shared key used by IKE peers to perform pre-shared key authentication.

The undo pre-shared-key command deletes the pre-shared key used by IKE peers to perform pre-shared key authentication.

By default, the pre-shared key used by IKE peers to perform pre-shared key authentication is not configured.

Format

pre-shared-key key

undo pre-shared-key

Parameters

Parameter

Description

Value

key

Specifies the pre-shared key used by IKE peers to perform pre-shared key authentication.

The value is a string of case-sensitive characters. A plaintext key contains 1 to 128 characters, and a ciphertext key contains 48 to 188 characters.

NOTE:

If the character string contains a question mark (?), there must be an odd number of double quotation marks (") before this question mark. Otherwise, this question mark is used as a help character. If there are an odd number of double quotation marks (") before a question mark (?) and this character string ends with this question mark, this question mark is used as a help character.

When the character string is enclosed in double quotation marks (" ") and contains spaces or question marks (?), the quotation marks are not considered as a part of the key. For example, if the entered character string is "huawei?123", the key is huawei?123 in fact. The entered character string cannot be ""huawei?123"".

For security purposes, it is recommended that the pre-shared key contains at least 3 types of lowercase letters, uppercase letters, digits, and special characters, and contains at least 6 characters.

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During IKE negotiation, IPSec can use pre-shared key authentication to verify identities of communication parties. After pre-shared key authentication is configured, the initiator encrypts data using the pre-shared key before transmitting the data, and the receiver decrypts the data using the same pre-shared key. If the receiver succeeds in data decryption, the initiator passes the identity verification.

Prerequisites

Pre-shared key authentication has been specified in an IKE proposal.

Precautions

Both ends of IKE negotiation must be configured with the same pre-shared key.

Example

# Configure the pre-shared key used by IKE peers to perform pre-shared key authentication as Test!123.
<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] pre-shared-key Test!123
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >