Exchange-Mode - HP FlexFabric 7900 Series Command Reference Manual

des-cbc: Uses the DES algorithm in CBC mode as the encryption algorithm. The DES algorithm uses a
56-bit key for encryption.
Usage guidelines
Different algorithms provide different levels of protection. Generally, an algorithm with a longer key is
stronger. A stronger algorithm provides more resistance to decryption but uses more resources. The
algorithm strength from low to high is des-cbc, 3des-cbc, aes-cbc-128, aes-cbc-192, and aes-cbc-256.
Examples
# Use the 128-bit AES in CBC mode as the encryption algorithm for IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] encryption-algorithm aes-cbc-128
Related commands
display ike proposal

exchange-mode

Use exchange-mode to select an IKE negotiation mode for phase 1.
Use undo exchange-mode to restore the default.
Syntax
In non-FIPS mode:
exchange-mode { aggressive | main }
undo exchange-mode
In FIPS mode:
exchange-mode main
undo exchange-mode
Default
Main mode is used for phase 1.
Views
IKE profile view
Predefined user roles
network-admin
Parameters
aggressive: Specifies the aggressive mode.
main: Specifies the main mode.
Usage guidelines
When the user (for example, a dial-up user) at the local end of an IPsec tunnel obtains an IP address
automatically and pre-shared key authentication is used, HP recommends that you set the IKE negotiation
mode to aggressive at the local end.
158