IKE configuration commands
The router supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.
authentication-algorithm
Use authentication-algorithm to specify an authentication algorithm for an IKE proposal.
Use undo authentication-algorithm to restore the default.
Syntax
authentication-algorithm { md5 | sha }
undo authentication-algorithm
Default
An IKE proposal uses the SHA-1 authentication algorithm.
Views
IKE proposal view
Default command level
2: System level
Parameters
md5: Uses HMAC-MD5. This keyword is not supported in FIPS mode.
sha: Uses HMAC- SHA-1.
Examples
# Set MD5 as the authentication algorithm for IKE proposal 10.
<Sysname> system-view
[Sysname] ike proposal 10
[Sysname-ike-proposal-10] authentication-algorithm md5
Related commands
•
ike proposal
•
display ike proposal
authentication-method
Use authentication-method to specify an authentication method for an IKE proposal.
Use undo authentication-method to restore the default.
Syntax
authentication-method { pre-share | rsa-signature }
undo authentication-method
Default
An IKE proposal uses the pre-shared key authentication method.
302