local-identity

Syntax

local-identity (distinguished-name string | hostname hostname | inet ip-address | user-at-hostname e-mail-address );

Hierarchy Level

[edit security group-vpn member ike gateway gateway-name][edit security group-vpn server ike gateway gateway-name][edit security ike gateway gateway-name ]

Release Information

Statement introduced in Release 8.5 of Junos OS. Support for group-vpn hierarchies added in Junos OS Release 10.2.

Description

Specify the local IKE identity to send in the exchange with the destination peer so that the destination peer can communicate with the local peer. If you do not configure a local-identity, the device uses the IP address corresponding to the local endpoint by default. (The distinguished-name option is not supported on dynamic VPN implementations.)

Options

distinguished-name string —Specify identity as the distinguished name (DN) from the certificate. If there is more than one certificate on the device, use the security ike gateway gateway-name policy policy-name certificate local-certificate certificate-id statement to specify a certificate.

hostname hostname—Specify identity as a fully qualified domain name (FQDN).

inet ip-address—Specify identity as an IP address.

user-at-hostname e-mail-address—Specify identity as an e-mail address.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.