R2511-HP MSR Router Series Security Command Reference(V5)
When IKEv2 policies are matched according to local IP address, an IKEv2 policy with a local address
configured takes precedence over an IKEv2 policy with no local address configured.
If no IKEv2 policy is configured, IKEv2 uses the system-predefined IKEv2 policy named default.
Examples
# Create an IKEv2 policy named prop1, assign IKEv2 proposal prop1 to it, and specify the local address
2.2.2.2 for it.
<Sysname> system-view
[Sysname] ikev2 policy prop1
[Sysname-ikev2-policy-prop1] proposal prop1
[Sysname-ikev2-policy-prop1] match address local 2.2.2.2
With this configuration, when the local end negotiates an IKEv2 SA for 2.2.2.2, it uses the IKEv2
proposal specified in IKEv2 policy prop1.
# Create an IKEv2 policy named policy1, assign IKEv2 proposal prop1 to it, and specify the local
address 3.3.3.3 for it.
<Sysname> system-view
[Sysname] ikev2 policy policy1
[Sysname-ikev2-policy-policy1] proposal prop1
[Sysname-ikev2-policy-policy1] match address local 3.3.3.3
# Create an IKEv2 policy named policy2, assign IKEv2 proposal prop2 to it, and specify the local
address 3.3.3.3 for it.
[Sysname] ikev2 policy policy2
[Sysname-ikev2-policy-policy2] proposal prop2
[Sysname-ikev2-policy-policy2] match address local 3.3.3.3
With the previous configuration, when the local end negotiates an IKEv2 SA for 3.3.3.3, it uses the IKEv2
proposal specified in IKEv2 policy policy1.
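The following Python script is an added example, not part of the HP command reference. It audits a pasted IKEv2 policy configuration for the two situations described above: several policies matching the same local address (as with policy1 and policy2, where only one proposal is used) and policies with no local address configured. The policy name fallback and the handling of prompt-prefixed lines are assumptions of the example.

```python
import re
from collections import defaultdict
# Constructed sample: the three policies from the examples above plus a
# hypothetical policy "fallback" that has no local address configured.
SAMPLE = """\
[Sysname] ikev2 policy prop1
[Sysname-ikev2-policy-prop1] proposal prop1
[Sysname-ikev2-policy-prop1] match address local 2.2.2.2
[Sysname] ikev2 policy policy1
[Sysname-ikev2-policy-policy1] proposal prop1
[Sysname-ikev2-policy-policy1] match address local 3.3.3.3
[Sysname] ikev2 policy policy2
[Sysname-ikev2-policy-policy2] proposal prop2
[Sysname-ikev2-policy-policy2] match address local 3.3.3.3
[Sysname] ikev2 policy fallback
[Sysname-ikev2-policy-fallback] proposal prop1
"""

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")  # "[Sysname-...]" or "<Sysname>"

def parse_policies(text):
    """Return {policy: {"proposals": [...], "local": [...]}} in configuration order."""
    policies, current = {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if words[:2] == ["ikev2", "policy"] and len(words) == 3:
            current = policies.setdefault(words[2], {"proposals": [], "local": []})
        elif current is not None and words[:1] == ["proposal"] and len(words) == 2:
            current["proposals"].append(words[1])
        elif current is not None and words[:3] == ["match", "address", "local"] and len(words) == 4:
            current["local"].append(words[3])
        elif words:
            current = None  # any other command is treated as leaving IKEv2 policy view
    return policies

def audit(policies):
    """Return (addresses matched by more than one policy, policies with no local address)."""
    by_addr = defaultdict(list)
    for name, policy in policies.items():
        for addr in policy["local"]:
            by_addr[addr].append(name)
    shared = {addr: names for addr, names in by_addr.items() if len(names) > 1}
    catch_all = [name for name, policy in policies.items() if not policy["local"]]
    return shared, catch_all

if __name__ == "__main__":
    shared, catch_all = audit(parse_policies(SAMPLE))
    print("local addresses matched by several policies:", shared)
    print("policies with no local address:", catch_all)
```

For every address reported as shared, confirm that the proposal of the policy actually selected meets the intended cryptographic baseline.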
Related commands
• display ikev2 policy
• proposal
• match address pool
ikev2 profile (system view)
Use ikev2 profile to create an IKEv2 profile and enter IKEv2 profile view. An IKEv2 profile includes the
IKEv2 SA parameters that are not negotiated during IKEv2 negotiation, such as the identity information
of the two peers, the authentication method, and the matching criterion used to search for an IKEv2
profile.
Use undo ikev2 profile to delete an IKEv2 profile.
Syntax
ikev2 profile profile-name
undo ikev2 profile profile-name
Default
No IKEv2 profile exists.










