Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

remote-identity

Syntax

Hierarchy Level

Description

Specify the remote IKE identity to exchange with the destination peer to establish communication. If you do not configure a remote-identity, the device uses the IPv4 or IPv6 address corresponding to the remote endpoint by default.

For Network Address Translation Traversal (NAT-T), both remote identity and local identity must be configured. You can use the NTS ‘remote-identity’ configuration to verify server identity.

Options

  • distinguished-name—Specify identity as the distinguished name (DN) from the certificate. If there is more than one certificate on the device, use the security ike gateway gateway-name policy policy-name certificate local-certificate certificate-id.

    Optional container and wildcard strings can be specified:

    • container container-string—Specify a string for the container.

    • wildcard wildcard-string—Specify a string for the wildcard.

  • hostname hostname—Specify identity as a fully qualified domain name (FQDN).

  • inet ip-address—Specify identity as an IPv4 address.

  • inet6 ipv6-address—Specify identity as an IPv6 address.

  • key-id string-key-id—Specify the key ID in ASCII sring.

  • user-at-hostname e-mail-address—Specify identity as an e-mail address.

Usage

The command option hostname is the FQDN of the server. This hostname must match the FQDN of server in the Subject Alternative Name field of the local certificate.

For example:

You can use the optional parameter distinguished-name, to verify the distinguished name (DN) in the server certificate. You can specify the DN and values in either container string or wildcard string format. If we use container option, the order of the fields in DN and their values must exactly match with the fields in the server certificate. If we use wildcard option, the order of the fields in the DN is not considered.

For example,

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.4.

Related Documentation