HPE Moonshot 45Gc Security Configuration Manual page 325

You can specify multiple IKEv2 proposals for an IKEv2 policy. A proposal specified earlier has a
higher priority.
To configure an IKEv2 proposal:
Step
1. Enter system view.
2. Create an IKEv2 proposal
and enter IKEv2 proposal
view.
3. Specify the encryption
algorithms.
4. Specify the integrity
protection algorithms.
5. Specify the PRF
algorithms.
Command
system-view
ikev2 proposal proposal-name
In non-FIPS mode:
encryption { 3des-cbc |
aes-cbc-128 | aes-cbc-192 |
aes-cbc-256 | aes-ctr-128 |
aes-ctr-192 | aes-ctr-256 |
camellia-cbc-128 |
camellia-cbc-192 |
camellia-cbc-256 | des-cbc } *
In FIPS mode:
encryption { aes-cbc-128 |
aes-cbc-192 | aes-cbc-256 |
aes-ctr-128 | aes-ctr-192 |
aes-ctr-256 } *
In non-FIPS mode:
integrity { aes-xcbc-mac | md5 |
sha1 | sha256 | sha384 | sha512 }
*
In FIPS mode:
integrity { sha1 | sha256 | sha384
| sha512 } *
In non-FIPS mode:
prf { aes-xcbc-mac | md5 | sha1 |
sha256 | sha384 | sha512 } *
In FIPS mode:
prf { sha1 | sha256 | sha384 |
sha512 } *
312
Remarks
N/A
By default, an IKEv2 proposal
named default exists.
In non-FIPS mode, the default
proposal uses the following settings:
•
Encryption algorithms
AES-CBC-128 and 3DES.
•
Integrity protection algorithms
HMAC-SHA1 and HMAC-MD5.
•
PRF algorithms HMAC-SHA1
and HMAC-MD5.
•
DH groups 2 and 5.
In FIPS mode, the default proposal
uses the following settings:
•
Encryption algorithms
AES-CBC-128 and
AES-CTR-128.
•
Integrity protection algorithms
HMAC-SHA1 and
HMAC-SHA256.
•
PRF algorithms HMAC-SHA1
and HMAC-SHA256.
•
DH groups 14 and 19.
By default, an IKEv2 proposal does
not have any encryption algorithms.
By default, an IKEv2 proposal does
not have any integrity protection
algorithms.
By default, an IKEv2 proposal uses
the integrity protection algorithms as
the PRF algorithms.