Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ike proposal proposal-number
An IKE proposal is created and the IKE proposal view is displayed.
The IKE negotiation succeeds only when the two ends use the IKE proposals with the same
settings.
Step 3 (Optional) Run:
encryption-algorithm { des-cbc |3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-
cbc-256 }
The encryption algorithm is configured.
By default, an IKE proposal uses the DES-CBC encryption algorithm.
Step 4 (Optional) Run:
authentication-method pre-share
Pre-shared key authentication is configured.
When pre-shared key authentication is configured, you must set the same pre-shared key on the
IKE peers.
When pre-shared key authentication is configured, an authenticator must be configured.
Step 5 (Optional) Run:
authentication-algorithm { md5 | sha1 }
The authentication algorithm is configured.
By default, an IKE proposal uses the SHA-1 algorithm.
Step 6 (Optional) Run:
dh { group1 | group2 }
The Diffie-Hellman group is specified.
Step 7 (Optional) Run:
prf { hmac-md5 | hmac-sha1
The algorithm used to generate the pseudo random number is specified.
Step 8 (Optional) Run:
sa duration interval
The SA lifetime is set.
If the lifetime expires, the IKE SA is automatically updated.
You can set the lifetime only for the SAs established through IKE negotiation. The lifetime of
manually created SAs is not limited. That is, the manually created SAs are always effective.
----End
Issue 01 (2012-03-15)
}
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
122
Advertisement
Table of Contents
