R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
45
View
IKE peer view
Default level
2: System level
Parameters
aggressive: Aggressive mode. This keyword is not available for the FIPS mode.
main: Main mode.
Description
Use exchange-mode to select an IKE negotiation mode.
Use undo exchange-mode to restore the default.
By default, main mode is used.
If the user at one end of an IPsec tunnel obtains IP address automatically (for example, a dial-up user), IKE
negotiation mode must be set to aggressive. In this case, an SA can be created as long as the username
and password are correct.
In FIPS mode, the firewall prohibits you from turning on the aggressive negotiation mode, and does not
respond to any aggressive negotiation requests.
Related commands: id-type.
Examples
# Specify that IKE negotiation works in main mode.
<Sysname> system-view
[Sysname] ike peer peer1
[Sysname-ike-peer-peer1] exchange-mode main
id-type
Syntax
id-type { ip | name | user-fqdn }
undo id-type
View
IKE peer view
Default level
2: System level
Parameters
ip: Uses an IP address as the ID during IKE negotiation.
name: Uses a name of the Fully Qualified Domain Name (FQDN) type as the ID during IKE negotiation.
user-fqdn: Uses a name of the user FQDN type as the ID during IKE negotiation.
Description
Use id-type to select the type of the ID for IKE negotiation.
Use undo id-type to restore the default.