HPE FlexFabric 5940 Series Security Configuration Manual page 366

To configure an IKEv2 proposal:
Step
1. Enter system view.
2. Create an IKEv2 proposal
and enter IKEv2 proposal
view.
3. Specify the encryption
algorithms.
4. Specify the integrity
protection algorithms.
5. Specify the PRF
algorithms.
6. Specify the DH groups.
Command
system-view
ikev2 proposal proposal-name
In non-FIPS mode:
encryption { 3des-cbc |
aes-cbc-128 | aes-cbc-192 |
aes-cbc-256 | aes-ctr-128 |
aes-ctr-192 | aes-ctr-256 |
camellia-cbc-128 |
camellia-cbc-192 |
camellia-cbc-256 | des-cbc } *
In FIPS mode:
encryption { aes-cbc-128 |
aes-cbc-192 | aes-cbc-256 |
aes-ctr-128 | aes-ctr-192 |
aes-ctr-256 } *
In non-FIPS mode:
integrity { aes-xcbc-mac | md5 |
sha1 | sha256 | sha384 | sha512 }
*
In FIPS mode:
integrity { sha1 | sha256 | sha384
| sha512 } *
In non-FIPS mode:
prf { aes-xcbc-mac | md5 | sha1 |
sha256 | sha384 | sha512 } *
In FIPS mode:
prf { sha1 | sha256 | sha384 |
sha512 } *
In non-FIPS mode:
dh { group1 | group14 | group2 |
353
Remarks
N/A
By default, an IKEv2 proposal
named default exists.
In non-FIPS mode, the default
proposal uses the following settings:
•
Encryption algorithms
AES-CBC-128 and 3DES.
•
Integrity protection algorithms
HMAC-SHA1 and HMAC-MD5.
•
PRF algorithms HMAC-SHA1
and HMAC-MD5.
•
DH groups 2 and 5.
In FIPS mode, the default proposal
uses the following settings:
•
Encryption algorithms
AES-CBC-128 and
AES-CTR-128.
•
Integrity protection algorithms
HMAC-SHA1 and
HMAC-SHA256.
•
PRF algorithms HMAC-SHA1
and HMAC-SHA256.
•
DH groups 14 and 19.
By default, an IKEv2 proposal does
not have any encryption algorithms.
By default, an IKEv2 proposal does
not have any integrity protection
algorithms.
By default, an IKEv2 proposal uses
the integrity protection algorithms as
the PRF algorithms.
By default, an IKEv2 proposal does
not have any DH groups.