HP 7000 dl Router manual John*@domain.com, Domain.com, Crypto ike remote id address 10.10.10.0

Functional Notes

The fqdn and user-fqdn<WORD> line can include wildcard characters. The wildcard characters are "*” for a 0 or more character match and "?" for a single character match. Currently, the "?" cannot be set up using the CLI, but it can be transferred to the unit via the startup-config.

Example for user-fqdn:

john*@domain.com

will match: johndoe@domain.com johnjohn@myemail.com john@myemail.com

Example for fqdn:

*.domain.com

will match:

www.domain.com

ftp.domain.com

one.www.domain.com

The address remote ID can be in the form of a single host address or in the form of an IP address wildcard.

Example for address type:

crypto ike remote id address 10.10.10.0 0.0.0.255

will match:

10.10.10.1

10.10.10.2

and all IP addresses in the form of 10.10.10.X (where X is 0-255)

The asn1-dn<WORD> line can include wildcard characters. The wildcard characters are "*" for a 0 or more character match and "?" for a single character match. Currently, the "?" cannot be set up using the CLI, but it can be transferred to the unit via the startup-config.

Example for typical asn1-dnformat with no wildcards:

crypto ike remote-id asn1-dn "CN=MyRouter, C=US, S=CA, L=Roseville, O-HP, OU=TechSupport" (matches only remote ID strings with all fields exactly the same)

Example for typical asn1-dnformat with wildcards used to match a string within a field: crypto ike remote-idasn1-dn "CN=*, C=*, S=*, L=*, O=*, OU=*"

(matches any asn1-dn remote ID string from a peer)

Example for typical asn1-dnformat with wildcards used to match a portion of the remote ID:

crypto ike remote-id asn1-dn "CN=*, C=US, S=CA, L=Roseville, O=HP, OU=*"

(matches any remote ID string with the same values for the C, S, L, and O fields, and any values in the CN and OU fields)