Changing the peer IP address of IPSec VPN on the firewall

Changing the peer IP address of IPSec VPN on the USG
1. Configuration method
remote-address
The remote-address command specifies the IKE peer address or address range.

remote-address { low-ip-address [ high-ip-address ] | ip-pool pool-number | authentication-address low-ip-address [ high-ip-address ] | vpn-instance vpn-instance-name low-ip-address [ high-ip-address ] }
undo remote-address [authentication-address | ip-pool ]
Parameter description
ip-pool: To assign an IP address from the local end to the peer end (such as the AP device), configure the address pool at the local end and assign an IP address to the peer end.
authentication-address: In a scenario where NAT traversal is implemented, to use the IP address for authentication, configure the authentication-address parameter to specify the pre-NAT address or address range.
vpn-instance: Specifies the VPN instance and interface IP address of the tunnel during multi-instance configuration.
If no high-ip-address is specified in the command, only one address is configured for the IKE peer.
When the IKE peer is referenced by the IPSec policy template, the remote-address command is optional. When the IKE peer is referenced by the IPSec policy, the remote-address is mandatory.
If the peer address is configured as an address segment, this IKE peer can be referenced by the IPSec policy template only.
When the IKE peer is referenced by the IPSec policy or IPSec policy template, you cannot run the remote-address command to modify the peer IP address of the IKE peer.
2. Example
system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] remote-address 202.38.0.1 //Set the IP address of the IKE peer peer1 to 202.38.0.1.

Scroll to top