Configuring the IKEv2 keychain or PKI domain

Restrictions and guidelines

Configure the IKEv2 keychain or PKI domain for the IKEv2 profile to use. To use digital signature authentication, configure a PKI domain. To use pre-shared key authentication, configure an IKEv2 keychain.

Procedure

  1. Enter system view.

    system-view

  2. Enter IKEv2 profile view.

    ikev2 profile profile-name

  3. Specify the keychain for pre-shared key authentication or the PKI domain used to request a certificate for digital signature authentication.

    • Specify the keychain.

      keychain keychain-name

    • Specify the PKI domain.

      certificate domain domain-name [ sign | verify ]

    By default, no IKEv2 keychain or PKI domain is specified for an IKEv2 profile.