H3C S6550X-HI Series Command Reference Manual page 2301

[Sysname] ike proposal 1
[Sysname-ike-proposal-1] description test
dh
Use dh to specify the DH group to be used for key negotiation in IKE phase 1.
Use
undo dh
Syntax
dh { group1 | group14 | group2 | group24 | group5 }
undo dh
Default
The 768-bit Diffie-Hellman group (group1) is used.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
: Uses the 768-bit Diffie-Hellman group.
group1
: Uses the 2048-bit Diffie-Hellman group.
group14
: Uses the 1024-bit Diffie-Hellman group.
group2
: Uses the 2048-bit Diffie-Hellman group with the 256-bit prime order subgroup.
group24
: Uses the 1536-bit Diffie-Hellman group.
group5
Usage guidelines
A DH group with a higher group number provides higher security but needs more time for processing.
To achieve the best trade-off between processing performance and security, choose a proper
Diffie-Hellman group for your network.
Examples
# Specify the 2048-bit Diffie-Hellman group group1 to be used for key negotiation in IKE phase 1 in
IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] dh group14
Related commands
display ike proposal
display ike proposal
Use
display ike proposal
Syntax
display ike proposal
to restore the default.
to display configuration information about all IKE proposals.
7