3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

421

422

423

424

425

426

427

428

429

430

IKE Configuration Commands 423

View

IKE-peer view

Parameter

name: Name to be specified for the peer in IKE negotiation. It is a string of 1 to 32

characters.

Description

Use the remote-name command to specify a name for the remote GW.

Use the undo remote-name command to remove the remote GW.

If the initiator uses its GW name in IKE negotiation (that is, id-type name is used),

it sends the name to the peer as its identity, whereas the peer uses the username

configured using the remote-name name command to authenticate the initiator.

To pass authentication, this remote name must be the same one configured using

the ike local-name command on the gateway at the initiator end.

Example

# Set the name of the remote GW to "beijing".

[SecBlade_VPN] ike peer new_peer

[SecBlade_VPN-ike-peer-new_peer] remote-name beijing

reset ike sa Syntax

reset ike sa [ connection-id ]

View

User view

Parameter

connection-id: Specifies the SA to be deleted. If this parameter is not specified, all

the SAs at phase 1 will be deleted.

Description

Use the reset ike sa command to delete the security tunnel set up by IKE.

If connection-id is not specified, all the SAs at phase 1 will be deleted. If ISAKMP

SA at phase 1 exists when deleting the local security tunnel, a Delete Message

notification will be sent to the remote under the protection of this security tunnel

to notify the remote to delete the corresponding SA.

IKE uses ISAKMP of two phases: phase 1 or ISAKMP SA to establish SA, phase 2 or

IPsec SA to negotiate and establish IPsec SA, using the former established SA.

Related command: display ike sa.

Example

# Delete the security tunnel to 202.38.0.2.

<SecBlade_VPN> display ike sa

conn-id remote flag phase doi

1 202.38.0.2 RD|ST 1 IPSEC