< Home

remote-address (Efficient VPN policy view)

Function

The remote-address command configures an IP address or domain name for the remote IKE peer during IKE negotiation.

The undo remote-address command deletes an IP address or domain name for the remote IKE peer during IKE negotiation.

By default, no IP address or domain name is configured for the remote IKE peer during IKE negotiation.

Format

remote-address { ip-address | host-name host-name } { v1 | v2 }

undo remote-address [ ip-address | host-name host-name ]

Parameters

Parameter

Description

Value

ip-address

Specifies the IP address of the remote IKE peer.

The value is in dotted decimal notation.

host-name host-name

Specifies the domain name of the remote IKE peer.

The value is an existing remote IKE peer domain name.

v1

Indicates that both ends use IKEv1.

-

v2

Indicates that both ends use IKEv2.

-

Views

Efficient VPN policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The remote-address command configures an IP address or domain name for the remote IKE peer in an Efficient VPN policy. If the domain name is configured for the remote IKE peer, the IP address of the remote IKE peer is obtained in either of the following modes:
  • Static mode: The IP address of the remote IKE peer is obtained based on the mapping between the domain name and IP address.
  • Dynamic mode: The IP address of the remote IKE peer is obtained from the DNS server.

To improve network reliability, two devices can be deployed at the headquarters to connect to the branch gateway. In an Efficient VPN solution, two IP addresses or domain names of the remote IKE peer can be configured on the branch gateway. The branch gateway first attempts to use the first configured IP address or domain name to establish an IKE connection with the headquarters gateway. If establishing an IKE connection fails, the branch gateway uses the second IP address or domain name to establish an IKE connection.

Precautions

When you configure IP addresses or domain names for two remote IKE peers, ensure that the value type of remote-address and the IKE version are respectively the same. Generally, only one device is deployed at the headquarters to connect to the branch gateway. Therefore, only one remote address is configured.

Example

# Assign the IP addresses 10.1.1.1 and 10.1.2.1 to the remote peer in the Efficient VPN policy view.

<HUAWEI> system-view
[HUAWEI] ipsec efficient-vpn evpn mode client
[HUAWEI-ipsec-efficient-vpn-evpn] remote-address 10.1.1.1 v1
[HUAWEI-ipsec-efficient-vpn-evpn] remote-address 10.1.2.1 v1

# Set the domain name of the remote peer to mypeer in the Efficient VPN policy view.

<HUAWEI> system-view
[HUAWEI] ipsec efficient-vpn evpn mode client
[HUAWEI-ipsec-efficient-vpn-evpn] remote-address host-name mypeer v1
Parent Topic: IPSec Configuration Commands (IPSec Efficient VPN)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >