H3C S6550X-HI Series Command Reference Manual page 2361

Default
An IKEv2 proposal named default exists.
•
Encryption algorithm—AES-CBC-128 and 3DES.
•
Integrity protection algorithm—HMAC-SHA1 and HMAC-MD5.
•
PRF algorithm—HMAC-SHA1 and HMAC-MD5.
•
DH group—Group 5 and group 2.
Views
System view
Predefined user roles
network-admin
Parameters
proposal-name
case-insensitive string of 1 to 63 characters and cannot be default.
Usage guidelines
An IKEv2 proposal contains security parameters used in IKE_SA_INIT exchanges, including the
encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups.
An IKEv2 proposal must have a minimum of one set of security parameters, including one encryption
algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.
In an IKEv2 proposal, you can specify multiple parameters of the same type. The parameters of
different types combine and form multiple sets of security parameters. If you want to use only one set
of security parameters, configure only one set of security parameters for the IKEv2 proposal.
Examples
# Create an IKEv2 proposal named prop1. Specify encryption algorithm AES-CBC-128, integrity
protection algorithm SHA1, PRF algorithm SHA1, and DH group 2.
<Sysname> system-view
[Sysname] ikev2 proposal prop1
[Sysname-ikev2-proposal-prop1] encryption aes-cbc-128
[Sysname-ikev2-proposal-prop1] integrity sha1
[Sysname-ikev2-proposal-prop1] prf sha1
[Sysname-ikev2-proposal-prop1] dh group2
Related commands
encryption-algorithm
integrity
prf
dh
inside-vrf
Use inside-vrf
Use
undo inside-vrf
Syntax
inside-vrf vrf-name
undo inside-vrf
: Specifies a name for the IKEv2 proposal. The proposal name is a
to specify an inside VPN instance.
to restore the default.
27