HP 5920 Command Reference Manual page 397

Syntax
ike proposal proposal-number
undo ike proposal proposal-number
Default
The system has an IKE proposal that is used as the default IKE proposal. This proposal has the lowest
priority and uses the following settings:
Encryption algorithm—DES-CBC in non-FIPS mode and AES-CBC-128 in FIPS mode.
Authentication method—HMAC-SHA1.
Authentication algorithm—Pre-shared key authentication.
DH group—Group 1 in non-FIPS mode and group 14 in FIPS mode.
IKE SA lifetime—86400 seconds.
You cannot change the settings of the default IKE proposal.
Views
System view
Predefined user roles
network-admin
Parameters
proposal-number: Specifies an IKE proposal number in the range of 1 to 65535. The lower the number,
the higher the priority of the IKE proposal.
Usage guidelines
During IKE negotiation:
The initiator sends its IKE proposals to the peer.
If the initiator is using an IPsec policy with an IKE profile, the initiator sends all IKE proposals
referenced by the IKE profile to the peer. An IKE proposal specified earlier for the IKE profile
has a higher priority.
If the initiator is using an IPsec policy with no IKE profile, the initiator sends all its IKE proposals to the
peer. An IKE proposal with a smaller number has a higher priority.
The peer searches its own IKE proposals for a match. The search starts from the IKE proposal with
the highest priority and proceeds in descending order of priority until a match is found. The
matching IKE proposals are used to establish the IKE SA. If none of the user-defined IKE proposals
match, the two peers use their default IKE proposals to establish the IKE SA.
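
The selection and fallback rule above can be modelled offline to check whether a pair of peer configurations would end up on the default proposal (DES-CBC and DH group 1 in non-FIPS mode). This is an added example, not code from the manual or the device; the match rule (all four parameters equal), the function names and the sample proposals are assumptions made for illustration.

```python
from typing import NamedTuple, Optional, Sequence

class Proposal(NamedTuple):
    number: Optional[int]  # None marks the built-in default proposal
    encryption: str
    hmac: str
    auth: str
    dh_group: int

# Default proposal settings in non-FIPS mode, as listed on this page.
DEFAULT_NON_FIPS = Proposal(None, "des-cbc", "hmac-sha1", "pre-shared-key", 1)

def by_priority(proposals: Sequence[Proposal]) -> list:
    """Smaller proposal number = higher priority (the no-IKE-profile case)."""
    return sorted(proposals, key=lambda p: p.number)

def negotiate(initiator, responder, default=DEFAULT_NON_FIPS) -> Proposal:
    """Return the proposal the IKE SA would be established with.

    Assumption: two proposals match when encryption, HMAC, authentication
    and DH group are all equal; the SA lifetime is not compared.
    """
    offered = {p[1:] for p in initiator}   # parameter sets the initiator sent
    for own in by_priority(responder):     # responder walks its own list
        if own[1:] in offered:
            return own
    return default                         # no user-defined proposal matched

def uses_default(initiator, responder) -> bool:
    """True when the peers would fall back to the default proposal."""
    return negotiate(initiator, responder).number is None

# Constructed sample configurations (illustrative, not from the manual).
SITE_A = [Proposal(10, "aes-cbc-256", "hmac-sha1", "pre-shared-key", 14)]
SITE_B_OK = [Proposal(5, "3des-cbc", "hmac-sha1", "pre-shared-key", 2),
             Proposal(10, "aes-cbc-256", "hmac-sha1", "pre-shared-key", 14)]
SITE_B_TYPO = [Proposal(10, "aes-cbc-128", "hmac-sha1", "pre-shared-key", 14)]

if __name__ == "__main__":
    for name, peer in (("matching peer", SITE_B_OK),
                       ("mismatched peer", SITE_B_TYPO)):
        chosen = negotiate(SITE_A, peer)
        label = "DEFAULT" if chosen.number is None else f"proposal {chosen.number}"
        print(f"{name}: {label} -> {chosen.encryption}, DH group {chosen.dh_group}")
```

A single mismatched parameter on one side is enough for the SA to come up on the default settings rather than fail, so the negotiated algorithms are worth checking after any proposal change.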
Examples
# Create IKE proposal 1 and enter its view.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1]