The remote-id command specifies the remote ID for IKE negotiation.
The undo remote-id command deletes the remote ID for IKE negotiation.
By default, the remote ID for IKE negotiation is not configured.
| Parameter | Description | Value |
|---|---|---|
| id | Specifies the remote ID. | The value is a string of 1 to 255 case-sensitive characters including special characters, such as the exclamation point (!), at sign (@), number sign (#), dollar sign ($), and percent (%). |
Usage Scenario
If the remote ID type of the IKE peer is IP, DN, FQDN, or USER-FQDN, you can run this command to set a value for the remote ID.
During IKE negotiation, you can run the remote-id-type and remote-id commands to configure the remote ID type and remote ID for authentication.
Precautions
```
# Set the remote end of the tunnel.
<sysname_A> system-view
[sysname_A] ike local-name device_A
# Set the local end of the tunnel.
<sysname_B> system-view
[sysname_B] ike peer peer1
[sysname_B-ike-peer-peer1] remote-id device_A
```
If the remote ID type is DN, set the remote ID as follows:
```
<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] remote-id /C=CN/ST=beijing
```
If remote-id is set to the subject field of the certificate entity, the format is "/" + "subject". Note that spaces in the subject field are omitted and each comma is replaced by a slash (/). For example, if the subject field is C=CN, ST=beijing, the command is remote-id /C=CN/ST=beijing.
If the remote ID type is FQDN, set the remote ID as follows:
```
<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] remote-id www.hw.com
```
If the remote ID type is USER-FQDN, set the remote ID as follows:
```
<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] remote-id user@hw.com
```
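The DN formatting rule and the four remote ID types above, as an added Python example (not part of the original documentation or any vendor tooling): it builds the DN-style value from a certificate subject and sanity-checks a value before it is pasted into the remote-id command. The function names and the per-type plausibility checks are assumptions of this example, not the device's own validation.

```python
import ipaddress
import re

MAX_ID_LEN = 255  # parameter table: the id is a string of 1 to 255 characters

def subject_to_remote_id(subject: str) -> str:
    """Page's DN rule: '/' + subject, spaces omitted, each comma becomes '/'."""
    if any(c in subject for c in '\\"/'):
        # Escaped/quoted commas or embedded slashes are not covered by the page's rule.
        raise ValueError("subject needs escaping the page's rule does not cover")
    parts = [p.replace(" ", "") for p in subject.split(",")]
    if any("=" not in p or p.startswith("=") or p.endswith("=") for p in parts):
        raise ValueError(f"malformed attribute in subject: {subject!r}")
    return "/" + "/".join(parts)

def check_remote_id(id_type: str, value: str) -> str:
    """Return value if plausible for id_type (heuristic, assumed checks)."""
    if not 1 <= len(value) <= MAX_ID_LEN:
        raise ValueError("remote ID must be 1 to 255 characters")
    if re.search(r"\s", value):
        raise ValueError("whitespace would split the CLI argument")
    kind = id_type.upper()
    if kind == "IP":
        ipaddress.ip_address(value)  # raises ValueError on a bad address
    elif kind == "DN":
        if not re.fullmatch(r"(/[^/=]+=[^/=]+)+", value):
            raise ValueError("DN must look like /C=CN/ST=beijing")
    elif kind == "FQDN":
        if "@" in value or "/" in value:
            raise ValueError("FQDN must not contain '@' or '/'")
    elif kind == "USER-FQDN":
        user, at, domain = value.partition("@")
        if not (user and at and domain) or "@" in domain:
            raise ValueError("USER-FQDN must look like user@hw.com")
    else:
        raise ValueError(f"unknown remote ID type: {id_type}")
    return value

def remote_id_command(id_type: str, value: str) -> str:
    """Build the remote-id line for the IKE peer view after checking the value."""
    return "remote-id " + check_remote_id(id_type, value)

if __name__ == "__main__":
    dn = subject_to_remote_id("C=CN, ST=beijing")  # subject from the page's example
    print(remote_id_command("DN", dn))
    print(remote_id_command("USER-FQDN", "user@hw.com"))
```

A DN pasted in certificate form (C=CN, ST=beijing) is rejected by the DN check, which catches the most common cause of an ID mismatch before it reaches the device.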