3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

IKE Configuration
By default, the main mode is adopted.
If the IP address of one end of a security tunnel is dynamic, you must adopt the
aggressive mode for IKE negotiation.
After accepting a negotiation request from the initiator by using a policy
template, the responder end selects the negotiation mode according to the
negotiation mode of the initiator.
Configuring pre-shared key
Perform the following configuration in IKE-peer view.
Configuring ID type in IKE negotiation
Perform the following configuration in IKE-peer view.
By default, IP address is taken as the ID in IKE negotiation.
In main mode, only IP address can be taken as the ID in IKE negotiation. In
aggressive mode, however, you may use either IP address or name as the ID in IKE
negotiation.
Specifying name of the remote device
If the initiator uses its gateway name in IKE negotiation (that is, id-type name is
used), it sends the name to the peer as its identity, whereas the peer uses the
username configured using the remote-name name command to authenticate the initiator.
To pass authentication, this remote name must be the same as the one configured using
the ike local-name command on the gateway at the initiator end.
Perform the following configuration in IKE-peer view.
Table 174 Configure negotiation mode

Operation                                   Command
Configure IKE negotiation mode              exchange-mode { aggressive | main }
Restore the default IKE negotiation mode    undo exchange-mode

Table 175 Configure pre-shared key

Operation                                             Command
Configure a pre-shared key for IKE negotiation        pre-shared-key key
Remove the pre-shared key used in IKE negotiation     undo pre-shared-key

Table 176 Configure ID type in IKE negotiation

Operation                                             Command
Select ID type in the IKE negotiation                 id-type { ip | name }
Restore the default ID type in the IKE negotiation    undo id-type

Table 177 Specify name of the remote device

Operation                                Command
Specify the name of a remote device      remote-name name
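
The ID-type and remote-name rules described above can be checked before deployment by comparing the two gateways' configurations. The Python script below is an added example, not part of the 3Com guide; it assumes that "ike peer <name>" opens IKE-peer view with that view's commands indented beneath it, and the gateway names and key shown are constructed sample values.

```python
# Added example: lint IKE-peer settings against the rules stated in this section.
# Assumption: "ike peer <name>" opens IKE-peer view; its commands are indented below it.
DEFAULTS = {"exchange-mode": "main", "id-type": "ip"}  # defaults stated in the guide

def parse(config):
    """Return (ike local-name, {peer name: settings}) from configuration text."""
    local_name, peers, current = None, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "#":
            continue
        if words[:2] == ["ike", "local-name"] and len(words) == 3:
            local_name = words[2]
        elif words[:2] == ["ike", "peer"] and len(words) == 3:
            current = peers.setdefault(words[2], dict(DEFAULTS))
        elif raw[0].isspace() and current is not None and len(words) == 2:
            current[words[0]] = words[1]  # e.g. "id-type name"
        else:
            current = None  # an unindented line leaves IKE-peer view
    return local_name, peers

def check_pair(initiator_cfg, init_peer, responder_cfg, resp_peer):
    """Return findings for one initiator/responder IKE peer pair."""
    i_local, i_peers = parse(initiator_cfg)
    _, r_peers = parse(responder_cfg)
    ini, res = i_peers[init_peer], r_peers[resp_peer]
    findings = []
    for side, p in (("initiator", ini), ("responder", res)):
        # Main mode accepts only an IP address as the ID.
        if p["id-type"] == "name" and p["exchange-mode"] == "main":
            findings.append(f"{side}: id-type name requires exchange-mode aggressive")
    if ini["id-type"] == "name":
        # The responder's remote-name must equal the initiator's ike local-name.
        if i_local is None:
            findings.append("initiator: id-type name but no ike local-name")
        elif res.get("remote-name") != i_local:
            findings.append(f"responder: remote-name {res.get('remote-name')!r} "
                            f"does not match initiator ike local-name {i_local!r}")
    return findings

# Constructed sample configurations (names and key are placeholders).
GW_A = """\
ike local-name branch-gw
ike peer hq
 exchange-mode aggressive
 pre-shared-key EXAMPLE-KEY
 id-type name
"""
GW_B = "ike local-name hq-gw\nike peer branch\n exchange-mode aggressive\n remote-name branch-gateway\n"

if __name__ == "__main__":
    print("\n".join(check_pair(GW_A, "hq", GW_B, "branch")) or "no findings")
```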