remote-address (IKE peer view)
Function
The remote-address command configures the remote address or address range for the IKE peer.
The undo remote-address command restores the default setting.
By default, the IP address or address segment of the IKE peer is not set.
This command is supported only on the NetEngine 8000 F1A.
Parameters
| Parameter | Description | Value |
|---|---|---|
| authentication-address |
Indicates the authentication address. |
- |
| vpn-instance vpn-instance-name |
Indicates the name of the VPN instance. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| remote-low-address |
Indicates the start address of the peer IP address range. |
The value is in dotted decimal notation. |
| remote-high-address |
Indicates the end address of the peer IP address range. |
The value is in dotted decimal notation. |
Usage Guidelines
Usage Scenario
If remote-high-address is not specified in the command, only one address is configured for the IKE peer. If the peer address is configured as an address segment, this IKE peer can be applied by the IPSec policy template only.
When the IKE peer is quoted by the IPSec policy or IPSec policy template, you cannot run the remote-address command to modify the peer IP address of the IKE peer. vpn-instance-name configured in remote-address should be same as the vpn-instance-name configured in interface to which policy is applied.Precautions
If the same local IP address is configured in different IPsec policies and these IPsec policies are applied to different IPsec tunnels, the IPsec tunnels cannot load-balance traffic.
If the same local IP address is configured in different IPsec policies and is bound to a physical inbound interface in some IPsec policies and not bound to any physical inbound interface in other IPsec policies, after these IPsec policies are applied to different IPsec tunnels, the IPsec tunnels cannot load-balance traffic.