H3C S6550X-HI Series Command Reference Manual page 2340

[Sysname] ikev2 profile profile1
# Enable the local end to add the configuration request payload to the request message of
IKE_AUTH exchange.
[Sysname-ikev2-profile-profile1] config-exchange request
Related commands
aaa authorization
display ikev2 profile
dh
Use dh to specify DH groups to be used in IKEv2 key negotiation.
Use undo dh to restore the default.
Syntax
dh { group1 | group14 | group2 | group24 | group5 | group19 | group20 } *
undo dh
Default
No DH group is specified for an IKEv2 proposal.
Views
IKEv2 proposal view
Predefined user roles
network-admin
Parameters
group1: Uses the 768-bit Diffie-Hellman group.
group2: Uses the 1024-bit Diffie-Hellman group.
group5: Uses the 1536-bit Diffie-Hellman group.
group14: Uses the 2048-bit Diffie-Hellman group.
group24: Uses the 2048-bit Diffie-Hellman group with the 256-bit prime order subgroup.
group19: Uses the 256-bit ECP Diffie-Hellman group.
group20: Uses the 384-bit ECP Diffie-Hellman group.
Usage guidelines
A DH group with a higher group number provides higher security but needs more time for processing.
To achieve the best trade-off between processing performance and security, choose proper DH
groups for your network.
You must specify a minimum of one DH group for an IKEv2 proposal. Otherwise, the proposal is
incomplete and useless.
You can specify multiple DH groups for an IKEv2 proposal. A group specified earlier has a higher
priority.
Examples
# Specify DH group 1 for IKEv2 proposal 1.
<Sysname> system-view
[Sysname] ikev2 proposal 1
[Sysname-ikev2-proposal-1] dh group1
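The usage guidelines above (at least one DH group per proposal, earlier groups have higher priority) can be checked mechanically against a saved configuration. The following is an added example, not part of the H3C manual; the configuration layout, the name audit_ikev2_proposals, and the weak-group policy are assumptions of this example.

```python
# Group descriptions as listed in the Parameters section of this page.
DH_GROUPS = {
    "group1": "768-bit MODP", "group2": "1024-bit MODP",
    "group5": "1536-bit MODP", "group14": "2048-bit MODP",
    "group24": "2048-bit MODP, 256-bit subgroup",
    "group19": "256-bit ECP", "group20": "384-bit ECP",
}
# Assumed audit policy (not from the manual): MODP groups below 2048 bits
# and group24 are reported as weak.
WEAK = {"group1", "group2", "group5", "group24"}

# Constructed sample; assumes proposal settings are indented under the
# "ikev2 proposal" line and sections are separated by "#".
SAMPLE_CONFIG = """\
ikev2 proposal 1
 dh group1
#
ikev2 proposal 2
 dh group2 group14 group19
#
ikev2 proposal 3
#
ikev2 proposal 4
 dh group20 group14
#
"""

def audit_ikev2_proposals(config):
    """Return {proposal name: [findings]} for each IKEv2 proposal."""
    proposals, current = {}, None
    for line in config.splitlines():
        parts = line.split()
        if line.startswith("ikev2 proposal ") and len(parts) == 3:
            current = parts[2]
            proposals[current] = []
        elif not line.startswith(" "):
            current = None                  # left the proposal view
        elif current is not None and parts and parts[0] == "dh":
            proposals[current] = parts[1:]  # listed in priority order
    report = {}
    for name, groups in proposals.items():
        findings = []
        if not groups:
            findings.append("no DH group: proposal is incomplete")
        for rank, group in enumerate(groups, start=1):
            if group not in DH_GROUPS:
                findings.append(f"{group}: not a keyword of the dh command")
            elif group in WEAK:
                findings.append(f"{group} ({DH_GROUPS[group]}) at priority {rank}")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_ikev2_proposals(SAMPLE_CONFIG).items():
        print(f"proposal {name}:", "; ".join(findings) or "ok")
```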