Ike-Profile - HP 5920 Command Reference Manual

Usage guidelines
You can specify multiple ESP encryption algorithms for one IPsec transform set, and the algorithm
specified earlier has a higher priority.
• For a manual IPsec policy, the first specified ESP encryption algorithm takes effect. To make sure an
IPsec tunnel can be established successfully, the IPsec transform sets specified at both ends of the
tunnel must have the same first ESP encryption algorithm.
For an IKE-based IPsec policy, the initiator sends all ESP encryption algorithms specified in the IPsec
•
transform set to the peer end during the negotiation phase, and the responder matches the received
algorithms against its local algorithms starting from the first one until a match is found. To ensure a
successful IKE negotiation, the IPsec transform sets specified at both ends of the tunnel must have at
least one same ESP encryption algorithm.
Examples
# Configure the IPsec transform set tran1 to use aes-cbc-128 as the ESP encryption algorithm.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
Related commands
ipsec transform-set

ike-profile

Use ike-profile to specify an IKE profile for an IPsec policy or IPsec policy template.
Use undo ike-profile to remove the configuration.
Syntax
ike-profile profile-name
undo ike-profile
Default
An IPsec policy or IPsec policy template does not reference any IKE profile, and they use the IKE
parameters configured in system view for negotiation.
Views
IPsec policy view, IPsec policy template view
Predefined user roles
network-admin
Parameters
profile-name: Specifies an IKE profile by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
The IKE profile referenced by an IPsec policy or IPsec policy template defines the parameters used for IKE
negotiation.
335