Configuring An Ikev2 Proposal - HP FlexNetwork 10500 Series Security Configuration Manual

Configuring an IKEv2 proposal

An IKEv2 proposal contains security parameters used in IKE_SA_INIT exchanges, including the
encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups. An algorithm
specified earlier has a higher priority.
A complete IKEv2 proposal must have at least one set of security parameters, including one
encryption algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.
You can specify multiple IKEv2 proposals for an IKEv2 policy. A proposal specified earlier has a
higher priority.
To configure an IKEv2 proposal:
Step 1: Enter system view.
    Command: system-view
    Remarks: N/A

Step 2: Create an IKEv2 proposal and enter IKEv2 proposal view.
    Command: ikev2 proposal proposal-name
    Remarks: By default, an IKEv2 proposal named default exists.
    In non-FIPS mode, the default proposal uses the following settings:
    - Encryption algorithms AES-CBC-128 and 3DES.
    - Integrity protection algorithms HMAC-SHA1 and HMAC-MD5.
    - PRF algorithms HMAC-SHA1 and HMAC-MD5.
    - DH groups 2 and 5.
    In FIPS mode, the default proposal uses the following settings:
    - Encryption algorithms AES-CBC-128 and AES-CTR-128.
    - Integrity protection algorithms HMAC-SHA1 and HMAC-SHA256.
    - PRF algorithms HMAC-SHA1 and HMAC-SHA256.
    - DH groups 14 and 19.

Step 3: Specify the encryption algorithms.
    Command:
    In non-FIPS mode:
    encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des-cbc } *
    In FIPS mode:
    encryption { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 } *
    Remarks: By default, an IKEv2 proposal does not have any encryption algorithms.
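
An added example, not part of the HP manual: a Python check that reads saved configuration text, lists each IKEv2 proposal's encryption algorithms in priority order, and reports proposals that have none or that include a keyword outside the FIPS-mode list given above. The proposal names, the sample text and its layout ("#" separators, one-space indentation under each view) are assumptions.

```python
import re

# Keywords accepted by the "encryption" command, copied from the syntax on this page.
FIPS = {"aes-cbc-128", "aes-cbc-192", "aes-cbc-256",
        "aes-ctr-128", "aes-ctr-192", "aes-ctr-256"}
NON_FIPS = FIPS | {"3des-cbc", "des-cbc", "camellia-cbc-128",
                   "camellia-cbc-192", "camellia-cbc-256"}

def parse_proposals(config):
    """Map each proposal name to its encryption keywords, in priority order."""
    proposals, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"ikev2 proposal (\S+)", line)
        if match:
            current = match.group(1)
            proposals.setdefault(current, [])
        elif not raw.startswith(" "):
            current = None  # "#" or another top-level command ends the view
        elif current and line.startswith("encryption "):
            proposals[current] = line.split()[1:]
    return proposals

def audit(config, allowed=FIPS):
    """Return (proposal, finding) pairs for incomplete or off-list proposals."""
    findings = []
    for name, algs in parse_proposals(config).items():
        if not algs:
            findings.append((name, "no encryption algorithm: proposal is incomplete"))
        for priority, alg in enumerate(algs, start=1):
            if alg not in NON_FIPS:
                findings.append((name, f"unknown keyword {alg}"))
            elif alg not in allowed:
                findings.append((name, f"{alg} at priority {priority} is not on the allow-list"))
    return findings

# Constructed sample; names and layout are assumptions, not taken from the manual.
SAMPLE = """\
#
ikev2 proposal branch
 encryption 3des-cbc aes-cbc-256
#
ikev2 proposal hq
 encryption aes-ctr-256 aes-cbc-256
#
ikev2 proposal lab
#
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Passing allowed=NON_FIPS checks only for unknown keywords and proposals with no encryption algorithm.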
