Ike Proposal - HPE FlexFabric 7900 Series Security Command Reference

Examples
# Create IKE profile 1 and enter its view.
<Sysname> system-view
[Sysname] ike profile 1
[Sysname-ike-profile-1]

ike proposal

Use ike proposal to create an IKE proposal and enter IKE proposal view.
Use undo ike proposal to delete an IKE proposal.
Syntax
ike proposal proposal-number
undo ike proposal proposal-number
Default
The system has an IKE proposal that is used as the default IKE proposal. This proposal has the
lowest priority and uses the following settings:
•
Encryption algorithm—DES-CBC in non-FIPS mode and AES-CBC-128 in FIPS mode.
•
Authentication method—HMAC-SHA1.
•
Authentication algorithm—Pre-shared key authentication.
•
DH group—Group1 in non-FIPS mode and group14 in FIPS mode.
•
IKE SA lifetime—86400 seconds.
You cannot change the settings of the default IKE proposal.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
proposal-number: Specifies an IKE proposal number in the range of 1 to 65535. The lower the
number, the higher the priority of the IKE proposal.
Usage guidelines
During IKE negotiation:
•
The initiator sends its IKE proposals to the peer.
If the initiator is using an IPsec policy with an IKE profile, the initiator sends all IKE proposals
referenced by the IKE profile to the peer. An IKE proposal specified earlier for the IKE profile
has a higher priority.
If the initiator is using an IPsec policy with no IKE profile, the initiator sends all its IKE
proposals to the peer. An IKE proposal with a smaller number has a higher priority.
•
The peer searches its own IKE proposals for a match. The search starts from the IKE proposal
with the highest priority and proceeds in descending order of priority until a match is found. The
matching IKE proposals are used to establish the IKE SA. If all user-defined IKE proposals are
mismatched, the two peers use their default IKE proposals to establish the IKE SA.
Examples
# Create IKE proposal 1 and enter its view.
231