
local-id-type

Function

The local-id-type command sets the type of the local ID used in IKE negotiation.

The undo local-id-type command restores the default type of the local ID used in IKE negotiation.

By default, the local ID type used by IKE negotiation is IP.

Format

local-id-type { fqdn | ip | key-id | user-fqdn }

undo local-id-type

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| fqdn | Specifies the name as the local ID. | - |
| ip | Specifies the IP address as the local ID. | - |
| key-id | Specifies the key-id as the local ID. | - |
| user-fqdn | Specifies the USER-FQDN as the local ID. | - |

Views

Efficient VPN policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Identity authentication is a protection mechanism for IKE negotiation. The device ensures security by confirming the identities of the communicating parties. IKE peers can use different ID types. This command configures the type of the local ID of an IKE peer.

Precautions

  • The local ID type can be different from the remote ID type. You can use commands to specify the local and remote ID types.
  • For pre-shared key authentication, the local ID type on the local end must be the same as the remote ID type on the remote end, and the local ID on the local end must be the same as the remote ID on the remote end.

Different authentication methods support different ID types, as shown in Table 1.

Table 1 Relationship between local IKE ID types, local ID, and authentication methods

| Authentication Method | IP | FQDN | USER-FQDN | key-id |
| --- | --- | --- | --- | --- |
| pre-share | Supported. The IP address is the local IP address used for IKE negotiation by default. | Supported. The ID specified by the ike local-name command, indicating that all peers on the device use this ID for identity authentication. | Supported. The ID specified by the ike local-name command, indicating that all peers on the device use this ID for identity authentication. | Supported. This parameter is often used when the device using the Efficient VPN policy functions as a remote end to communicate with Cisco devices. |
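The matching rule for pre-shared key authentication, as an added example that is not part of the original page or the device's own code: it decodes the body of an IKE Identification payload and checks that the ID type and the ID value the peer sent both equal what the receiving end expects. The mapping from this command's keywords to wire ID Type values, the function names and the sample bytes are assumptions of this example.

```python
import ipaddress

# ID Type values of the IKE Identification payload (RFC 2407 / RFC 7296),
# keyed by the keywords this command accepts. The keyword-to-type mapping
# is an assumption of this example, not taken from the page.
ID_TYPES = {"ip": 1, "fqdn": 2, "user-fqdn": 3, "key-id": 11}
NAMES = {number: keyword for keyword, number in ID_TYPES.items()}


def parse_id_body(body: bytes):
    """Decode an ID payload body: 1-byte ID Type, 3 bytes ignored here, then the ID data."""
    if len(body) < 5:
        raise ValueError("ID payload body too short")
    id_type, data = body[0], body[4:]
    if id_type not in NAMES:
        raise ValueError(f"unsupported ID type {id_type}")
    kind = NAMES[id_type]
    if kind == "ip":
        if len(data) != 4:
            raise ValueError("an IPv4 ID must carry exactly 4 bytes")
        return kind, str(ipaddress.IPv4Address(data))
    if kind == "key-id":
        return kind, data  # opaque byte string, compared byte for byte
    return kind, data.decode("ascii")  # fqdn / user-fqdn: ASCII text, no terminator


def check_peer_id(body: bytes, expected_type: str, expected_value):
    """Return (ok, reason): the type and the value must both match the expected remote ID."""
    try:
        kind, value = parse_id_body(body)
    except ValueError as exc:  # also covers a non-ASCII name (UnicodeDecodeError)
        return False, f"malformed ID payload: {exc}"
    if kind != expected_type:
        return False, f"ID type mismatch: peer sent {kind}, expected {expected_type}"
    if value != expected_value:
        return False, "ID value mismatch"
    return True, "match"


# Constructed sample bodies (not captured traffic).
FQDN_BODY = b"\x02\x00\x00\x00" + b"branch1.example.com"
IP_BODY = b"\x01\x00\x00\x00" + bytes([192, 0, 2, 10])

if __name__ == "__main__":
    print(check_peer_id(FQDN_BODY, "fqdn", "branch1.example.com"))
    print(check_peer_id(FQDN_BODY, "ip", "192.0.2.10"))
    print(check_peer_id(IP_BODY, "ip", "192.0.2.10"))
```

A type mismatch is reported before the value is compared, which mirrors the two conditions in the precaution above: a peer that sends the right name under the wrong ID type still fails.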

Example

# Set the local ID type of Efficient VPN to FQDN.
<HUAWEI> system-view
[HUAWEI] ipsec efficient-vpn evpn mode client
[HUAWEI-ipsec-efficient-vpn-evpn] local-id-type fqdn
Copyright © Huawei Technologies Co., Ltd.