3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IKE Configuration Commands 413
In main mode, you can only use IP address to perform IKE negotiation and to
create an SA. It is applicable to the situation in which both end of a tunnel have
fixed IP addresses.
In IKE aggressive mode, you can use both IP addresses and name to perform IKE
negotiation and to create an SA. If the user at one end of a security tunnel obtains
IP address automatically (for example, a dial-up user), IKE negotiation mode must
be set to aggressive. In this case, you can create an SA as long as the username
and password are correct.
After accepting a negotiation request from the initiator by using a policy template,
the responder will select the negotiation mode according to the negotiation mode
of the initiator.
Related command: id-type.
Example
# Adopt the main mode for IKE negotiation.
[SecBlade_VPN] ike peer new_peer
[SecBlade_VPN-ike-peer-new_peer] exchange-mode main
id-type Syntax
id-type { ip | name }
undo id-type
View
IKE-peer view
Parameter
ip: Selects IP address as the ID used in IKE negotiation.
name: Selects name as the ID used in IKE negotiation.
Description
Use the id-type command to select the type of ID used in IKE negotiation.
Use the undo id-type command to restore the default setting. By default, IP
address is the ID used in IKE negotiation.
In main mode, you can only use IP address to perform IKE negotiation and to
create an SA.
In aggressive mode, you can use both IP address and name to perform Ike
negotiation and to create an SA.
Related command: ike local-name.
Example
# Set name as the ID used in IKE negotiation.
[SecBlade_VPN] ike peer new_peer
[SecBlade_VPN-ike-peer-new_peer] id-type name