
remote-id-type

Function

The remote-id-type command configures the remote ID type for IKE negotiation.

The undo remote-id-type command cancels the remote ID type.

By default, no remote ID type is configured.

Format

remote-id-type { any | dn | esn | fqdn | ip | user-fqdn | none }

undo remote-id-type

Parameters

| Parameter | Description | Value |
|---|---|---|
| any | Specifies that the remote ID can be of any type. | - |
| dn | Specifies the distinguished name (DN) as the remote ID. | - |
| esn | Specifies the equipment serial number (ESN) as the remote ID. | - |
| fqdn | Specifies the host name of the remote end as the remote ID. | - |
| ip | Specifies the IP address of the remote end as the remote ID. | - |
| user-fqdn | Specifies the user domain name of the remote end as the remote ID. | - |
| none | Specifies the remote ID type of an IKE peer as none. After this parameter is specified, the remote ID type and remote ID are not checked during IKE negotiation. | - |

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Identity authentication is a protection mechanism for IKE negotiation. This mechanism ensures device security by confirming identities of communication parties. IKE peers can use different types of IDs. This command configures the remote ID type of an IKE peer.

Precautions

  • The local ID type can be different from the remote ID type. You can use commands to specify the local and remote ID types.
  • If IKEv1 is used, pre-shared key authentication requires the local ID on the local end to be the same as the remote ID on the remote end. If IKEv2 is used, pre-shared key authentication requires the local ID type or local ID on the local end to be the same as the remote ID type or remote ID on the remote end.
  • For RSA signature authentication, the remote ID type or remote ID on the local end must be consistent with corresponding fields in the local certificate on the remote end.

Support for remote ID types and the way each is configured differ depending on the authentication mode. Table 1 describes the details.

Table 1 Relationships among the remote ID type, remote ID, and authentication mode

| Authentication Mode | IP | DN | ESN | FQDN | USER-FQDN |
|---|---|---|---|---|---|
| Pre-shared key authentication (pre-share) | Supported. To set a remote ID, run the remote-address command. | Not supported | Supported. You do not need to configure this parameter. The ESN of the device is used by default. | Supported. To set a remote ID, run the remote-id command. The remote IKE peer uses this ID for identity authentication. | Supported. To set a remote ID, run the remote-id command. The remote IKE peer uses this ID for identity authentication. |
| RSA signature authentication (rsa-signature) | Supported. To set a remote ID, run the remote-address command. | Supported. To set a remote ID, run the remote-id command. The remote IKE peer uses the ID of the corresponding field in the certificate for identity authentication. | Not supported | Supported. To set a remote ID, run the remote-id command. The remote IKE peer uses the ID of the corresponding field in the certificate for identity authentication. | Supported. To set a remote ID, run the remote-id command. The remote IKE peer uses the ID of the corresponding field in the certificate for identity authentication. |
| RSA Digital Envelope authentication (digital-envelope) | Supported. To set a remote ID, run the remote-address command. | Supported. To set a remote ID, run the remote-id command. The remote IKE peer uses the ID of the corresponding field in the certificate for identity authentication. | Not supported | Not supported | Not supported |
| SM2 Digital Envelope authentication (digital-envelope new) | Supported. To set a remote ID, run the remote-address command. | Supported. To set a remote ID, run the remote-id command. The remote IKE peer uses the ID of the corresponding field in the certificate for identity authentication. | Not supported | Not supported | Not supported |
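
The following audit script is an added example, not part of the vendor documentation. It checks saved IKE peer blocks against Table 1 and reports peers whose remote ID is not checked (none), not configured, unsupported for the authentication mode, or missing its remote-id / remote-address command. The configuration layout, the argument forms of remote-id and remote-address, the names audit and SAMPLE, and passing the authentication mode as a parameter are assumptions.

```python
import re

# Table 1 on this page: remote ID types each authentication mode supports.
SUPPORTED = {"pre-share": {"ip", "esn", "fqdn", "user-fqdn"},
             "rsa-signature": {"ip", "dn", "fqdn", "user-fqdn"},
             "digital-envelope": {"ip", "dn"}}
# Command that supplies the remote ID per type (Table 1); esn needs none.
ID_COMMAND = {"ip": "remote-address", "dn": "remote-id",
              "fqdn": "remote-id", "user-fqdn": "remote-id"}

# Constructed sample. Assumed: one-space indent inside a peer block, "#"
# between blocks, and the argument forms of remote-id / remote-address.
SAMPLE = """\
ike peer hq
 remote-id-type fqdn
 remote-id hq.example.com
#
ike peer branch1
 remote-id-type none
#
ike peer branch2
 remote-id-type dn
 remote-id CN=branch2
#
ike peer branch3
 remote-id-type ip
#
ike peer lab
 remote-address 192.0.2.10
"""

def audit(config, auth_mode):
    """Return (peer, finding) pairs; auth_mode is a key of SUPPORTED."""
    out = []
    # A block is the "ike peer" line plus the indented lines that follow it.
    for name, body in re.findall(r"^ike peer (\S+)\n((?: .*\n?)*)", config, re.M):
        cmds = dict(l.strip().partition(" ")[::2] for l in body.splitlines())
        t = cmds.get("remote-id-type")
        if t is None:
            out.append((name, "no remote-id-type configured"))
        elif t == "none":
            out.append((name, "remote ID type and remote ID are not checked"))
        elif t != "any" and t not in SUPPORTED[auth_mode]:
            out.append((name, f"{t} not supported with {auth_mode}"))
        elif t in ID_COMMAND and ID_COMMAND[t] not in cmds:
            out.append((name, f"{t} set but no {ID_COMMAND[t]}"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE, "pre-share"), sep="\n")
```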

Example

# Set the remote ID type of IKE peer peer1 to FQDN for pre-shared key authentication.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] remote-id-type fqdn
Copyright © Huawei Technologies Co., Ltd.