Ikev2 Proposal - H3C MSR Series Command Reference Manual

<Sysname> system-view
[Sysname] ikev2 profile profile1
[Sysname-ikev2-profile-profile1]
Related commands
display ikev2 profile

ikev2 proposal

Use ikev2 proposal to create an IKEv2 proposal and enter its view, or enter the view of an existing
IKEv2 proposal.
Use undo ikev2 proposal to delete an IKEv2 proposal.
Syntax
ikev2 proposal proposal-name
undo ikev2 proposal proposal-name
Default
An IKEv2 proposal named default exists, which has the lowest priority and uses the following
settings:
•
In non-FIPS mode:
Encryption algorithm—AES-CBC-128 and 3DES.

Integrity protection algorithm—HMAC-SHA1 and HMAC-MD5.

PRF algorithm—HMAC-SHA1 and HMAC-MD5.

DH group—Group 5 and group 2.

•
In FIPS mode:
Encryption algorithm—AES-CBC-128 and AES-CTR-128.

Integrity protection algorithm—HMAC-SHA1 and HMAC-SHA256.

PRF algorithm—HMAC-SHA1 and HMAC-SHA256.

DH group—Group 14 and group 19.

Views
System view
Predefined user roles
network-admin
Parameters
proposal-name: Specifies a name for the IKEv2 proposal. The proposal name is a case-insensitive
string of 1 to 63 characters and cannot be default.
Usage guidelines
An IKEv2 proposal contains security parameters used in IKE_SA_INIT exchanges, including the
encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups.
An IKEv2 proposal must have a minimum of one set of security parameters, including one encryption
algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.
In an IKEv2 proposal, you can specify multiple parameters of the same type. The parameters of
different types combine and form multiple sets of security parameters. If you want to use only one set
of security parameters, configure only one set of security parameters for the IKEv2 proposal.
636