HP FlexNetwork MSR Series Command Reference Manual page 585
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Views
IKEv2 proposal view
Predefined user roles
network-admin
Parameters
group1: Uses the 768-bit Diffie-Hellman group.
group2: Uses the 1024-bit Diffie-Hellman group.
group5: Uses the 1536-bit Diffie-Hellman group.
group14: Uses the 2048-bit Diffie-Hellman group.
group24: Uses the 2048-bit Diffie-Hellman group with the 256-bit prime order subgroup.
group19: Uses 256-bit ECP Diffie-Hellman group.
group20: Uses 384-bit ECP Diffie-Hellman group.
Usage guidelines
A DH group with a higher group number provides higher security but needs more time for processing.
To achieve the best trade-off between processing performance and security, choose proper DH
groups for your network.
You must specify a minimum of one DH group for an IKEv2 proposal. Otherwise, the proposal is
incomplete and useless.
You can specify multiple DH groups for an IKEv2 proposal. A group specified earlier has a higher
priority.
Examples
# Specify DH groups 1 for the IKEv2 proposal 1.
<Sysname> system-view
[Sysname] ikev2 proposal 1
[Sysname-ikev2-proposal-1] dh group1
Related commands
ikev2 proposal
dpd
Use dpd to configure IKEv2 DPD.
Use undo dpd to disable IKEv2 DPD.
Syntax
dpd interval interval [ retry seconds ] { on-demand | periodic }
undo dpd interval
Default
IKEv2 DPD is disabled. The global IKEv2 DPD settings are used.
Views
IKEv2 profile view
Predefined user roles
network-admin
567
Advertisement
