Integrity - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Examples
# Create an IKEv2 profile named profile1.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Specify the inside VPN instance vpn1.
[Sysname-ikev2-profile-profile1] inside-vrf vpn1
integrity
Use integrity to specify integrity protection algorithms for an IKEv2 proposal.
Use undo integrity to restore the default.
Syntax
In non-FIPS mode:
integrity { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *
undo integrity
In FIPS mode:
integrity { sha1 | sha256 | sha384 | sha512 } *
undo integrity
Default
No integrity protection algorithm is specified for an IKEv2 proposal.
Views
IKEv2 proposal view
Predefined user roles
network-admin
Parameters
aes-xcbc-mac: Uses the HMAC-AES-XCBC-MAC algorithm.
md5: Uses the HMAC-MD5 algorithm.
sha1: Uses the HMAC-SHA1 algorithm.
sha256: Uses the HMAC-SHA256 algorithm.
sha384: Uses the HMAC-SHA384 algorithm.
sha512: Uses the HMAC-SHA512 algorithm.
Usage guidelines
You must specify a minimum of one integrity protection algorithm for an IKEv2 proposal. Otherwise,
the proposal is incomplete and useless. You can specify multiple integrity protection algorithms for
an IKEv2 proposal. An algorithm specified earlier has a higher priority.
Examples
# Create an IKEv2 proposal named prop1.
<Sysname> system-view
[Sysname] ikev2 proposal prop1
# Specify HMAC-SHA1 and HMAC-MD5 as the integrity protection algorithms, with HMAC-SHA1
preferred.
[Sysname-ikev2-proposal-prop1] integrity sha1 md5
580
Advertisement
