Keychain - HP FlexFabric 7900 Series Command Reference Manual

undo ike proposal proposal-number
Default
The system has an IKE proposal that is used as the default IKE proposal. This proposal has the lowest
priority and uses the following settings:
Encryption algorithm—DES-CBC in non-FIPS mode and AES-CBC- 1 28 in FIPS mode.
•
Authentication method—HMAC-SHA1.
•
• Authentication algorithm—Pre-shared key authentication.
DH group—Group1 in non-FIPS mode and group14 in FIPS mode.
•
IKE SA lifetime—86400 seconds.
•
You cannot change the settings of the default IKE proposal.
Views
System view
Predefined user roles
network-admin
Parameters
proposal-number: Specifies an IKE proposal number in the range of 1 to 65535. The lower the number,
the higher the priority of the IKE proposal.
Usage guidelines
During IKE negotiation:
The initiator sends its IKE proposals to the peer.
•
If the initiator is using an IPsec policy with an IKE profile, the initiator sends all IKE proposals
referenced by the IKE profile to the peer. An IKE proposal specified earlier for the IKE profile has
a higher priority.
If the initiator is using an IPsec policy with no IKE profile, the initiator sends all its IKE proposals
to the peer. An IKE proposal with a smaller number has a higher priority.
The peer searches its own IKE proposals for a match. The search starts from the IKE proposal with
•
the highest priority and proceeds in descending order of priority until a match is found. The
matching IKE proposals are used to establish the IKE SA. If all user-defined IKE proposals are
mismatched, the two peers use their default IKE proposals to establish the IKE SA.
Examples
# Create IKE proposal 1 and enter its view.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1]
Related commands
display ike proposal

keychain

Use keychain to specify an IKE keychain for pre-shared key authentication.
Use undo keychain to remove the IKE keychain reference.
166