Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Overriding IPsec Local and Peer Identities for SA Negotiations

    You can override the local and peer identities used for SA negotiations. For IPsec negotiations to succeed, the local and peer identities at one end of the tunnel must match the peer and local identities at the other end (respectively).

    • To override the local identity (phase 2 identity) used for IPsec security association negotiations:

      From IPsec Tunnel Profile Configuration mode, override the local identity.

      host1(config-ipsec-tunnel-profile)#local ip identity range 10.30.11.1 10.30.11.50

      Use the no version to restore the default value, the internal IP address allocated for the subscriber.

    • To override the peer identity (phase 2 identity) used for IPsec security association negotiations:

      From IPsec Tunnel Profile Configuration mode, override the peer identity.

      host1(config-ipsec-tunnel-profile)#peer ip identity address 10.227.1.2

      Use the no version to restore the default value, the internal IP address allocated for the subscriber.

    Published: 2014-08-12