To configure an IKEv2 proposal:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an IKEv2 proposal and enter IKEv2 proposal view.
  Command: ikev2 proposal proposal-name
  Remarks: By default, an IKEv2 proposal named default exists.
    In non-FIPS mode, the default proposal uses the following settings:
    • Encryption algorithms AES-CBC-128 and 3DES.
    • Integrity protection algorithms HMAC-SHA1 and HMAC-MD5.
    • PRF algorithms HMAC-SHA1 and HMAC-MD5.
    • DH groups 2 and 5.
    In FIPS mode, the default proposal uses the following settings:
    • Encryption algorithms AES-CBC-128 and AES-CTR-128.
    • Integrity protection algorithms HMAC-SHA1 and HMAC-SHA256.
    • PRF algorithms HMAC-SHA1 and HMAC-SHA256.
    • DH groups 14 and 19.

Step 3. Specify the encryption algorithms.
  Command:
    In non-FIPS mode:
    encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des-cbc } *
    In FIPS mode:
    encryption { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 } *
  Remarks: By default, an IKEv2 proposal does not have any encryption algorithms.

Step 4. Specify the integrity protection algorithms.
  Command:
    In non-FIPS mode:
    integrity { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *
    In FIPS mode:
    integrity { sha1 | sha256 | sha384 | sha512 } *
  Remarks: By default, an IKEv2 proposal does not have any integrity protection algorithms.

Step 5. Specify the PRF algorithms.
  Command:
    In non-FIPS mode:
    prf { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *
    In FIPS mode:
    prf { sha1 | sha256 | sha384 | sha512 } *
  Remarks: By default, an IKEv2 proposal uses the integrity protection algorithms as the PRF algorithms.

Step 6. Specify the DH groups.
  Command:
    In non-FIPS mode:
    dh { group1 | group14 | group2 |
  Remarks: By default, an IKEv2 proposal does not have any DH groups.
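
An added example, not from the original guide or the vendor: a Python audit that reads proposal blocks written with the commands in the steps above, flags keywords the page accepts only in non-FIPS mode, and applies the rule that an unset prf inherits the integrity algorithms. The sample configuration, the proposal names, the function names, and the DH policy (flagging group1 and group2) are assumptions.

```python
# Keyword sets the page lists as accepted in FIPS mode.
AES = {f"aes-{mode}-{bits}" for mode in ("cbc", "ctr") for bits in (128, 192, 256)}
SHA = {"sha1", "sha256", "sha384", "sha512"}
FIPS_OK = {"encryption": AES, "integrity": SHA, "prf": SHA}
# Assumption: the page's DH keyword list is cut off, so local policy flags only
# the two small groups that are visible in it.
WEAK_DH = {"group1", "group2"}

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ikev2 proposal branch-legacy
 encryption 3des-cbc aes-cbc-128
 integrity md5 sha256
 dh group2 group14
#
ikev2 proposal branch-hardened
 encryption aes-cbc-256
 integrity sha256
 prf sha256
 dh group14
"""

def parse_proposals(text):
    """Return {proposal-name: {command: [keywords]}} for each proposal block."""
    proposals, current = {}, None
    for raw in text.splitlines():
        if raw.startswith("ikev2 proposal ") and len(raw.split()) == 3:
            current = proposals.setdefault(raw.split()[2], {})
        elif current is not None and raw[:1].isspace() and raw.strip():
            cmd, *keywords = raw.split()
            if cmd in ("encryption", "integrity", "prf", "dh"):
                current[cmd] = keywords
        else:
            current = None  # any unindented line ends the proposal view
    return proposals

def audit(settings):
    """Return a list of findings for one parsed proposal."""
    findings = [f"{cmd}: not configured (a new proposal has none by default)"
                for cmd in ("encryption", "integrity", "dh") if not settings.get(cmd)]
    # Per the page, an unset prf falls back to the integrity algorithms.
    effective = {**settings, "prf": settings.get("prf") or settings.get("integrity", [])}
    for cmd, allowed in FIPS_OK.items():
        findings += [f"{cmd}: {kw} is outside the FIPS-mode list"
                     for kw in effective.get(cmd, []) if kw not in allowed]
    findings += [f"dh: {kw} flagged by local policy"
                 for kw in effective.get("dh", []) if kw in WEAK_DH]
    return findings
```

For branch-legacy the audit reports md5 twice, once for integrity and once for the inherited prf, because setting only integrity carries the weak hash into key derivation as well.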