Defining Ike Proposal - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide

8.2.2 Defining IKE Proposal

I. Establishing IKE Proposal
IKE proposal defines a set of attributes describing how IKE negotiation conducts
security communications. Configuring an IKE proposal includes the tasks of IKE
proposal
authentication algorithm, and Diffie-Hellman group ID, and SA lifetime duration setting.
In main mode, you may create multiple IKE proposals based on precedence;
negotiation can succeed so long as the negotiating parties agree on one IKE proposal.
In aggressive mode, the negotiation initiator uses only the IKE proposal with the
highest precedence to negotiate with its peer. If the peer has a match, negotiation
succeeds; if otherwise, the negotiation fails. The initiator will not use an IKE proposal
with a lower precedence to make another negotiation attempt.
This configuration is used to define an IKE proposal. The IKE proposal configured is
used to establish the security channel.
Perform the following configuration in the system view.
Table 8-2 Establish IKE proposal
Create IKE proposal
Delete IKE proposal
Execute the ike proposal command to enter the IKE proposal view, where you can
configure the encryption algorithm, authentication algorithm, Diffie-Hellman group ID,
sa duration, and authentication method.
The parameter proposal-number is the IKE proposal number, ranging from 1 to 100.
This parameter also stands for the priority. A smaller number stands for a higher priority.
You can create multiple IKE proposals for each side of the negotiation. Both sides in the
negotiation match the proposal from the one with the higher priority. There must be at
least one matched policy for successful negotiation, that is, both side must have the
same encryption and authentication algorithm, some authentication method and
Diffie-Hellman group ID.
The system provides a default IKE proposal, which has the lowest priority and has the
default encryption algorithm, authentication algorithm, Diffie-Hellman group ID, SA
duration, and authentication method. The parameters needed by an IKE proposal are
as follows.
II. Selecting Encryption Algorithm
This configuration is used to specify an encryption algorithm used by an IKE proposal.
creation, selection
Operation
3Com Corporation
in encryption algorithm,
ike proposal proposal-number
undo ike proposal proposal-number
8-5
Chapter 8 IKE Configuration
authentication
Command
mode,