
HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
NOTE:
The device supports assigning an IPv6 address to an IKEv2 negotiation initiator. You can configure
an IPv4 address pool, but the configuration does not take effect.
Configuring an IKEv2 proposal
An IKEv2 proposal comprises security parameters used in IKE_SA_INIT exchanges, including the
encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups. An algorithm
configured earlier has a higher priority.
A complete IKEv2 proposal must have at least one set of security parameters, including one
encryption algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.
To configure an IKEv2 proposal:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create an IKEv2 proposal and enter IKEv2 proposal view.
   Command: ikev2 proposal proposal-name
   Remarks: The device has a system predefined IKEv2 proposal named default. This proposal has the lowest priority and uses these settings:
   • Encryption algorithms DES-CBC-128 and 3DES.
   • Integrity protection algorithms SHA1 and MD5.
   • PRF algorithms SHA1 and MD5.
   • DH groups 2 and 5.

3. Specify the encryption algorithms.
   Command: encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des-cbc } *
   Remarks: By default, an IKEv2 proposal has no encryption algorithm.

4. Specify the integrity protection algorithms.
   Command: integrity { aes-xcbc-mac | md5 | sha1 | sha2-256 } *
   Remarks: By default, an IKEv2 proposal has no integrity protection algorithm.

5. Specify the PRF algorithms.
   Command: prf { aes-xcbc-mac | md5 | sha1 | sha2-256 } *
   Remarks: By default, an IKEv2 proposal has no PRF algorithm.

6. Specify the DH groups.
   Command: group { 1 | 2 | 5 | 14 } *
   Remarks: By default, an IKEv2 proposal has no DH group.
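
The following Python check is an added example, not part of the HPE manual. It reads configuration text and reports proposals that are incomplete by the definition above (no encryption, integrity, PRF or DH group setting) and proposals that list weak algorithms, together with their priority position. It assumes each proposal appears as an "ikev2 proposal name" line followed by indented command lines in the syntax of the steps above; the set of keywords flagged as weak is this example's own policy choice.

```python
# Added example: audit Comware-style configuration text for IKEv2 proposals.
KINDS = ("encryption", "integrity", "prf", "group")  # commands from the steps
# Assumption (this example's policy, not the manual's): keywords to flag.
WEAK = {"encryption": {"des-cbc"}, "integrity": {"md5"},
        "prf": {"md5"}, "group": {"1"}}

def parse_proposals(config_text):
    """Return {proposal name: {command: [keywords in configured order]}}."""
    proposals, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["ikev2", "proposal"] and len(words) == 3:
            current = proposals.setdefault(words[2], {k: [] for k in KINDS})
        elif not raw[0].isspace():
            current = None  # an unindented line ends the proposal view
        elif current is not None and words[0] in KINDS:
            for keyword in words[1:]:
                if keyword not in current[words[0]]:
                    current[words[0]].append(keyword)
    return proposals

def audit(config_text):
    """Return sorted findings: incomplete proposals and flagged keywords."""
    findings = []
    for name, params in parse_proposals(config_text).items():
        for kind, keywords in params.items():
            if not keywords:
                findings.append(f"{name}: incomplete, no {kind} configured")
            for rank, keyword in enumerate(keywords, start=1):
                if keyword in WEAK[kind]:
                    findings.append(f"{name}: weak {kind} {keyword} (priority {rank})")
    return sorted(findings)

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ikev2 proposal strong
 encryption aes-cbc-256 aes-cbc-128
 integrity sha2-256
 prf sha2-256
 group 14
ikev2 proposal legacy
 encryption des-cbc aes-cbc-128
 integrity md5 sha1
 group 1 14
"""

print("\n".join(audit(SAMPLE)))
```

Priority 1 in a finding means the flagged keyword was configured first and is therefore the preferred choice during negotiation.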
Configuring an IKEv2 policy
During the IKE_SA_INIT exchange, each end tries to find a matching IKEv2 policy, using the IP
address of the local security gateway as the matching criterion:
• If there are IKEv2 policies configured, IKEv2 searches for an IKEv2 policy that uses the IP
address of the local security gateway. If no IKEv2 policy uses the IP address or the policy is
using an incomplete proposal, the IKE_SA_INIT exchange fails.
