Setting the IKE Peer Identity

To set the IKE peer identity values, use the ike peer-identity command. You can set the profile to accept logins from users that present one of the following:

• An asn1DN as an IKE identity type (an ASN.1-encoded distinguished name) and the user-provided IKE identity contains the substring configured for the profile.
• A userFQDN or FQDN as an IKE identity type and the domain name portion of the IKE identity matches the domain name setting for this profile. An empty string (default) means that IKE identity types of userFQDN and FQDN are not allowed for logins on this profile.

  The IKE identity type of userFQDN also carries a domain name. Users presenting this identity must also pass any restrictions set for the peer domain name for this profile before they are able to log in.

• An IP address as an IKE identity type and the IP address resides within the specified network. The default of 0.0.0.0/0 allows any peer IP address to this profile.
• A userFQDN as an IKE identity type and the username portion of the IKE identity matches the username setting for this profile. An empty string (default) means that an IKE identity type of userFQDN is not allowed for logins on this profile.

  Note: You can also use the wildcard (*) for the username and domain name or as the first or last character in the username or domain name string.

ike peer-identity distinguished-name

ike peer-identity domain-name

ike peer-identity ip address

ike peer-identity username

• Use to set the IKE peer identity used for IKE security association (SA) negotiations.
• Example

  host1(config-ipsec-tunnel-profile)#ike peer-identity domain-name domain2

• Use the no version to remove the specified IKE peer identity.
• See ike peer-identity distinguished-name.
• See ike peer-identity domain-name.
• See ike peer-identity ip address.
• See ike peer-identity username.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.