4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

241

242

243

244

245

246

247

248

249

250

235

Examples

# Enable the QoS pre-classify feature.

<Sysname> system-view

[Sysname] ipsec policy policy1 100 manual

[Sysname-ipsec-policy-manual-policy1-100] qos pre-classify

remote-address

Use remote-address to configure the remote IP address for the IPsec tunnel.

Use undo remote-address to restore the default.

Syntax

remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }

undo remote-address { [ ipv6 ] host-name | ipv4-address | ipv6 ipv6-address }

Default

No remote IP address is specified for the IPsec tunnel.

Views

IPsec policy view, IPsec policy template view

Predefined user roles

network-admin

Parameters

ipv6: Specifies a remote IPv6 address. Without this keyword, you specify an IPv4 address or host name.

hostname: Specifies the remote host name, a case-insensitive string of 1 to 253 characters. The host

name can be resolved to an IP address by the DNS server.

ipv4-address: Specifies a remote IPv4 address.

ipv6-address: Specifies a remote IPv6 address.

Usage guidelines

The remote IP address is required on the IKE negotiation initiator and is optional on the responder. When

you directly configure an IKE-based IPsec policy, the device can act as an initiator or a responder. When

you configure an IPsec policy by referencing an existing IPsec policy template, the device acts only as a

responder. Therefore, the remote IP address configuration is required when an IKE-based IPsec policy is

directly configured, and it is optional when an IPsec policy is configured by referencing an existing IPsec

policy template.

A manual IPsec policy does not support DNS. Therefore, you must specify a remote IP address rather than

a remote host name for the manual IPsec policy.

If you configure a remote host name, the following scenarios apply:

• If the host name is resolved by the DNS server, the local end sends a request to the DNS server to

obtain the latest IP address corresponding to the host name when the domain name resolution

period expires. The resolution period is defined by the DNS server and restarts after the local end

obtains the latest IP address of the host.

• If the host name is resolved by the ip host command and you change the IP address of the remote

host, you must reconfigure the remote host name in the IPsec policy or IPsec policy template by using