local-address(isakmp)
Function
The local-address command configures the originating IP address of the IPSec negotiation packet.
The undo local-address command restores the default setting.
By default, the local IP address is not set.
This command is supported only on the NetEngine 8000 F1A.
Parameters
| Parameter | Description | Value |
|---|---|---|
| localaddr |
Indicates the IP address of the local peer. To reduce IP address consumption, IPsec supports the IP address unnumbered function. This address can be the same as the IP address of an Ethernet main interface or sub-interface, Eth-Trunk interface or sub-interface, VLANIF interface, tunnel interface, or loopback interface on the device. |
The value is in dotted decimal notation. |
Usage Guidelines
The local-address must be configured when the interface of the IPSec tunnel initiating end is configured with multiple IP addresses or the IPSec application is applied to the dual-system hot backup environment.
If the IP address of the local peer is the same as that of another interface on the device and the IPSec policy is configured on a tunnel interface, the device automatically generates the binding tunnel ipsec command configuration on the interface. This indicates that the interface has the IPSec policy bound, and therefore cannot be used for other services. After an IPSec policy is applied to an interface, you cannot run the local-address command to modify the local IP address of the IPSec policy. The local IP address is used only when the negotiation is initiated. The destination IP address in the negotiation packet sent by the peer is used as the local IP address to respond to the negotiation.