Configuring an IKEv2 keychain
About IKEv2 keychain
An IKEv2 keychain specifies the pre-shared keys used for IKEv2 negotiation.
An IKEv2 keychain can have multiple IKEv2 peers. Each peer has a symmetric pre-shared key or an asymmetric pre-shared key pair, and information for identifying the peer (such as the peer's host name, IP address or address range, or ID).
An IKEv2 negotiation initiator uses the peer host name or IP address/address range as the matching criterion to search for a peer. A responder uses the peer host IP address/address range or ID as the matching criterion to search for a peer.
Procedure
1. Enter system view.
   system-view
2. Create an IKEv2 keychain and enter its view.
   ikev2 keychain keychain-name
3. Create an IKEv2 peer and enter its view.
   peer name
4. Configure a host name for the peer:
   hostname name
   By default, no host name is configured for an IKEv2 peer.
5. Configure a host IP address or address range for the peer:
   address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] }
   By default, no host IP address or address range is configured for an IKEv2 peer.
   You must configure different host IP addresses/address ranges for different peers.
6. Configure an ID for the peer:
   identity { address { ipv4-address | ipv6 { ipv6-address } } | fqdn fqdn-name | email email-string | key-id key-id-string }
   By default, no identity information is configured for an IKEv2 peer.
7. Configure a pre-shared key for the peer.
   pre-shared-key [ local | remote ] { ciphertext | plaintext } string
   By default, an IKEv2 peer does not have a pre-shared key.
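The following Python audit is an added example, not vendor code. It checks a keychain written with the commands above against the rules on this page: different address ranges for different peers, a pre-shared key on every peer, and at least one matching criterion for each negotiation role. The sample configuration, the peer names, the indented text layout, and the rule that an asymmetric pair needs both a local and a remote key are assumptions made for the example.

```python
import ipaddress
# Constructed sample keychain using the command syntax from the procedure above.
SAMPLE = """\
ikev2 keychain kc1
 peer branch-a
  address 192.0.2.0 24
  identity fqdn branch-a.example.com
  pre-shared-key ciphertext EXAMPLE-CIPHERTEXT
 peer branch-b
  address 192.0.2.0 255.255.255.0
  pre-shared-key local ciphertext EXAMPLE-CIPHERTEXT
 peer branch-c
  hostname branch-c.example.com
"""

def parse_peers(text):
    peers, cur = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0] == "peer":
            cur = peers.setdefault(tok[1], {"hostname": None, "address": None,
                                            "identity": None, "keys": set()})
        elif not tok or cur is None:
            continue
        elif tok[0] in ("hostname", "identity"):
            cur[tok[0]] = " ".join(tok[1:])
        elif tok[0] == "address":
            rest = tok[2:] if tok[1] == "ipv6" else tok[1:]
            # mask and mask-length normalize alike; no mask means one host
            cur["address"] = ipaddress.ip_network("/".join(rest), strict=False)
        elif tok[0] == "pre-shared-key":
            cur["keys"].add(tok[1] if tok[1] in ("local", "remote") else "symmetric")
    return peers

def audit(text):
    findings, seen = [], {}
    for name, p in parse_peers(text).items():
        addr = p["address"]
        if addr is not None and seen.setdefault(addr, name) != name:
            findings.append((name, f"same address range as peer {seen[addr]}"))
        if not p["keys"]:
            findings.append((name, "no pre-shared key"))
        elif p["keys"] in ({"local"}, {"remote"}):  # assumption: a pair needs both
            findings.append((name, "asymmetric key pair incomplete"))
        if addr is None and not p["hostname"]:
            findings.append((name, "initiator cannot match this peer"))
        if addr is None and not p["identity"]:
            findings.append((name, "responder cannot match this peer"))
    return findings
```

Calling audit(SAMPLE) reports branch-b twice (duplicate range, incomplete key pair) and branch-c twice (no key, not matchable by a responder).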