Creating An Ikev2 Proposal; Importing An Ikev2 Digital Certificate - Lenovo RackSwitch G8264 Application Manual

Creating an IKEv2 Proposal

1. Enter IKEv2 proposal mode.
2. Set the DES encryption algorithm.
3. Set the authentication integrity algorithm type.
4. Set the Diffie‐Hellman group.

Importing an IKEv2 Digital Certificate

1. Import the CA certificate file.
2. Import the host key file.
3. Import the host certificate file.
478
G8264 Application Guide for ENOS 8.4
Note: During the IKEv2 negotiation phase, the digital certificate takes precedence
over the preshared key.
With IKEv2, a single policy can have multiple encryption and authentication types,
as well as multiple integrity algorithms.
To create an IKEv2 proposal:
RS G8264(config)# ikev2 proposal
RS G8264(config-ikev2-prop)# encryption 3des|aes­cbc (default: 3des)
RS G8264(config­ikev2­prop)# integrity sha1
RS G8264(config-ikev2-prop)# group 1|2|5|14|24 (default: 24)
To import an IKEv2 digital certificate for authentication:
RS G8264(config)# copy tftp ca­cert address <hostname or IPv4 address>
Source file name: <path and filename of CA certificate file>
Confirm download operation [y/n]: y
RS G8264(config)# copy tftp host­key address <hostname or IPv4 address>
Source file name: <path and filename of host private key file>
Confirm download operation [y/n]: y
RS G8264(config)# copy tftp host­cert address <hostname or IPv4 address>
Source file name: <path and filename of host certificate file>
Confirm download operation [y/n]: y
Note: When prompted for the port to use for download the file, if you used a
management port to connect the switch to the server, enter mgt, otherwise enter
data.
(default: sha1 )