Configuring an IKEv2 Keychain - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

Step 4. Specify the integrity protection algorithms.
  Command:
    In non-FIPS mode:
    integrity { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *
    In FIPS mode:
    integrity { sha1 | sha256 | sha384 | sha512 } *
  Remarks: By default, an IKEv2 proposal does not have any integrity protection algorithms.

Step 5. Specify the PRF algorithms.
  Command:
    In non-FIPS mode:
    prf { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *
    In FIPS mode:
    prf { sha1 | sha256 | sha384 | sha512 } *
  Remarks: By default, an IKEv2 proposal uses the integrity protection algorithms as the PRF algorithms.

Step 6. Specify the DH groups.
  Command:
    In non-FIPS mode:
    dh { group1 | group14 | group2 | group24 | group5 | group19 | group20 } *
    In FIPS mode:
    dh { group14 | group19 | group20 } *
  Remarks: By default, an IKEv2 proposal does not have any DH groups.

Configuring an IKEv2 keychain

An IKEv2 keychain specifies the pre-shared keys used for IKEv2 negotiation.
An IKEv2 keychain can have multiple IKEv2 peers. Each peer has a symmetric pre-shared key or an
asymmetric pre-shared key pair, and information for identifying the peer (such as the peer's host
name, IP address or address range, or ID).
An IKEv2 negotiation initiator uses the peer host name or IP address/address range as the matching
criterion to search for a peer. A responder uses the peer host IP address/address range or ID as the
matching criterion to search for a peer.
To configure an IKEv2 keychain:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an IKEv2 keychain and enter IKEv2 keychain view.
  Command: ikev2 keychain keychain-name
  Remarks: By default, no IKEv2 keychains exist.

Step 3. Create an IKEv2 peer and enter IKEv2 peer view.
  Command: peer name
  Remarks: By default, no IKEv2 peers exist.
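The integrity, prf and dh commands listed above accept a narrower set of algorithms in FIPS mode than in non-FIPS mode. The following audit script is an added example, not part of the HPE manual: it treats the FIPS-mode sets as an allow-list and applies the documented default that the PRF follows the integrity algorithms when no prf line is present. The sample configuration, the proposal names, and the one-space indentation with `#` separators are constructed assumptions.

```python
import re

# Allow-list: the algorithms the steps above give for FIPS mode.
FIPS_ALLOWED = {
    "integrity": {"sha1", "sha256", "sha384", "sha512"},
    "prf": {"sha1", "sha256", "sha384", "sha512"},
    "dh": {"group14", "group19", "group20"},
}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
ikev2 proposal branch-a
 integrity md5 sha256
 dh group1 group14
#
ikev2 proposal branch-b
 integrity sha256
 prf sha384
 dh group19
#
"""

def parse_proposals(text):
    """Map each proposal name to its integrity, prf and dh algorithm lists."""
    proposals, current = {}, None
    for raw in text.splitlines():
        header = re.fullmatch(r"ikev2 proposal (\S+)", raw.strip())
        parts = raw.split()
        if header:
            current = proposals.setdefault(header.group(1), {k: [] for k in FIPS_ALLOWED})
        elif not raw.startswith(" "):
            current = None  # an unindented line ends the proposal view
        elif current is not None and parts and parts[0] in FIPS_ALLOWED:
            current[parts[0]].extend(parts[1:])
    return proposals

def audit(text):
    """Return (proposal, kind, algorithm) for each algorithm outside the allow-list."""
    findings = []
    for name, algs in parse_proposals(text).items():
        effective = dict(algs)
        if not effective["prf"]:
            # Per the remarks above, the PRF defaults to the integrity algorithms.
            effective["prf"] = list(algs["integrity"])
        for kind, allowed in FIPS_ALLOWED.items():
            findings += [(name, kind, a) for a in effective[kind] if a not in allowed]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("non-FIPS algorithm: proposal=%s %s=%s" % finding)
```

In the sample, branch-a is reported for prf as well as integrity even though it has no prf line, because md5 is inherited through the default.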
