IKEv2 Option Description
NOTE
Not supported for NI R05.8.00 release.
ikev2 fragmentation [ mtu-size ] (Optional) To support fragmentation of IKEv2 message into small parts to avoid UDP level fragmentation. Default
it is disabled. It is at the global level because the routing can change, and we should be able to estimate what will
be the maximum size for the router. Range should be between 68 to 1500.
NOTE
Not supported for NI R05.8.00 release.
Conguring the IKEv2 Proposal
IKEv2 Proposal sets the congurable parameters which are exchange during IKEv2 peer negotiation during the rst phase.
The default IKEv2 proposal requires no conguration and its parameters are as follows:
• Encryption: aes-cbc-256
• PRF: sha384
• Integrity: sha384
• dh-group: 20
This default IKEv2 proposal will be known as ikev2-default-proposal.
The following commands are available to congure the proposals manually, if you do not want to use the default proposal.
NOTE
The default proposal command will only be available if additional cryptographic algorithms are supported, as currently there is
no requirement to support them in NI Release 5.8.00.
IKEv2 Option Description
ikev2 proposal <name> Congure IKE proposal Parameter, enter ikev2 proposal <name> cong mode.
dhgroup {1} {2} {5} {14} {15} {16}
{19} {20} {24}
Group used for Die-Hellman negotiations. Allowed values are:
• 1 — 768-bit DH
• 2 — 1024-bit DH
• 5 — 1536-bit DH
• 14 — Species the 2048-bit DH group.
• 15 — Species the 3072-bit DH group.
• 16 — Species the 4096-bit DH group.
• 19 — Species the 256-bit elliptic curve DH (ECDH) group.
• 20 — Species the 384-bit ECDH group.
• 24 — Species the 2048-bit DH/SA group.
NOTE
For the rst release, only DH-group 14, 19, and 20 will be supported. Support for other DH groups
will be considered for inclusion in the next major release.
prf { sha384 | sha256 } Hash algorithm to be used to generate key material for IKE SA negotiation. Multiple algorithms may be specied,
separated by commas.
encryption {3des} {aes-cbc-128}
{aes-cbc-192} {aes-cbc-256}
Encryption algorithm to be used to protect IKEv2 data. Multiple algorithms may be specied. Allowed values are:
• 3des
• aes-cbc-128
• aes-cbc-192
Router modules
Brocade NetIron MLXe Series Hardware Installation Guide
48 53-1004203-04
To Next Page
Loading...
Need help?
General
