Encryption-Algorithm; Exchange-Mode - HPE FlexNetwork HSR6800 Security Command Reference

encryption-algorithm

Use encryption-algorithm to specify an encryption algorithm for an IKE proposal.
Use undo encryption-algorithm to restore the default.
Syntax
encryption-algorithm { 3des-cbc | aes-cbc [ key-length ] | des-cbc }
undo encryption-algorithm
Default
In FIPS mode, an IKE proposal uses the 128-bit AES-CBC encryption algorithm in CBC mode.
In non-FIPS mode, an IKE proposal uses the 56-bit DES encryption algorithm in CBC mode.
Views
IKE proposal view
Default command level
2: System level
Parameters
3des-cbc: Uses the 3DES algorithm in CBC mode as the encryption algorithm. The 3DES algorithm
uses 168-bit keys for encryption. This keyword is not supported in FIPS mode.
aes-cbc: Uses the AES algorithm in CBC mode as the encryption algorithm. The AES algorithm
uses 128-bit, 192-bit, or 256-bit keys for encryption.
key-length: Specifies the key length for the AES algorithm, which can be 128, 192 or 256 bits and is
defaulted to 128 bits.
des-cbc: Uses the DES algorithm in CBC mode as the encryption algorithm. The DES algorithm
uses 56-bit keys for encryption. This keyword is not supported in FIPS mode.
Examples
# Use 56-bit DES in CBC mode as the encryption algorithm for IKE proposal 10.
<Sysname> system-view
[Sysname] ike proposal 10
[Sysname-ike-proposal-10] encryption-algorithm des-cbc
Related commands
•
ike proposal
•
display ike proposal

exchange-mode

Use exchange-mode to select an IKE negotiation mode.
Use undo exchange-mode to restore the default.
Syntax
exchange-mode { aggressive | main }
undo exchange-mode
Default
Main mode is used.
312