271Step Command Remarks1. Enter system view. system-view N/A2. Create an IKE keychain andenter its view.ike keychain keychain-name[ vpn-instance vpn-name ]By default, no IKE keychainexists.3. Configure a pre-shared key.pre-shared-key { address{ ipv4-address [ mask | mask-length ] |ipv6 ipv6-address [ prefix-length ] } |hostname host-name } key { ciphercipher-key | simple simple-key }By default, no pre-shared key isconfigured.For security purposes, allpre-shared keys, including thoseconfigured in plain text, aresaved in cipher text to theconfiguration file.4. (Optional.) Specify a localinterface or IP address thatthe IKE keychain can beapplied to.match local address { interface-typeinterface-number | { ipv4-address |ipv6 ipv6-address } [ vpn-instancevpn-name ] }By default, an IKE keychain canbe applied to any local interfaceor IP address.5. (Optional.) Specify apriority for the IKE keychain. priority number The default priority is 100.Configuring the global identity informationFollow these guidelines when you configure the global identity information for the local IKE.• The global identity can be used by the device for all IKE SA negotiations, and the local identity (setby the local-identity command) can be used only by the device that uses the IKE profile.• When signature authentication is used, you can set any type of the identity information.• When pre-shared key authentication is used, you cannot set the DN as the identity.To configure the global identity information:Step Command Remarks1. Enter system view. system-view N/A2. Configure the global identityto be used by the local.ike identity { address{ ipv4-address | ipv6ipv6-address } | dn | fqdn[ fqdn-name ] | user-fqdn[ user-fqdn-name ] }By default, the IP address of theinterface where the IPsec policy orIPsec policy template applies is usedas the IKE identity.