Manualshelf

R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
19
main: Main mode.
Description
Use the exchange-mode command to select an IKE negotiation mode.
Use the undo exchange-mode command to restore the default.
By default, main mode is used.
If the user at one end of an IPsec tunnel obtains IP address automatically (for example, a dial-up user), IKE
negotiation mode must be set to aggressive. In this case, an SA can be created as long as the username
and password are correct.
Related commands: id-type.
Examples
# Specify that IKE negotiation works in main mode.
<Sysname> system-view
[Sysname] ike peer peer1
[Sysname-ike-peer-peer1] exchange-mode main
id-type
Syntax
id-type { ip | name }
undo id-type
View
IKE peer view
Default level
2: System level
Parameters
ip: Uses an IP address as the ID during IKE negotiation.
name: Uses a name of the Fully Qualified Domain Name (FQDN) type as the ID during IKE negotiation.
Description
Use the id-type command to select the type of the ID for IKE negotiation.
Use the undo id-type command to restore the default.
By default, the ID type is IP address.
In main mode, only the ID type of IP address can be used in IKE negotiation and SA creation. In
aggressive mode, either type can be used.
Related commands: local-name, ike local-name, remote-name, remote-address, local-address, and
exchange-mode.
Examples
# Use the ID type of name during IKE negotiation.
<Sysname> system-view
[Sysname] ike peer peer1
[Sysname-ike-peer-peer1] id-type name