Configuring An Ike Keychain - HP 6125XLG Configuration Manual

Blade switch security configuration guide
Step 5. Specify an authentication algorithm for the IKE proposal.
    Command (non-FIPS mode): authentication-algorithm { md5 | sha }
    Command (FIPS mode): authentication-algorithm sha
    Remarks: By default, an IKE proposal uses the HMAC-SHA1 authentication algorithm.
Step 6. Specify a DH group for key negotiation in phase 1.
    Command (non-FIPS mode): dh { group1 | group14 | group2 | group24 | group5 }
    Command (FIPS mode): dh group14
    Remarks: By default, DH group1 (the 768-bit DH group) is used in non-FIPS mode, and DH group 14 (the 2048-bit DH group) is used in FIPS mode.
Step 7. Set the IKE SA lifetime for the IKE proposal.
    Command: sa duration seconds
    Remarks: By default, the IKE SA lifetime is 86400 seconds.

Configuring an IKE keychain

Perform this task when you configure IKE to use pre-shared key authentication.
Follow these guidelines when you configure an IKE keychain:
1. Two peers must be configured with the same pre-shared key to pass pre-shared key authentication.
2. You can specify the local address configured in IPsec policy view or IPsec policy template view (using the local-address command) for the IKE keychain to be applied. If no local address is configured, specify the IP address of the interface that references the IPsec policy.
3. You can specify a priority number for the IKE keychain. To determine the priority of an IKE keychain:
   a. The device examines whether the match local address command is configured. An IKE keychain with the match local address command configured has a higher priority.
   b. If a tie exists, the device compares the priority numbers. An IKE keychain with a smaller priority number has a higher priority.
   c. If a tie still exists, the device prefers the IKE keychain that was configured earlier.
To configure the IKE keychain:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create an IKE keychain and enter its view.
    Command: ike keychain keychain-name [ vpn-instance vpn-name ]
    Remarks: By default, no IKE keychain exists.
Step 3. Configure a pre-shared key.
    Command: pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key { cipher cipher-key | simple simple-key }
    Remarks: By default, no pre-shared key is configured.
    For security purposes, all pre-shared keys, including those configured in plain text, are saved in cipher text to the configuration file.
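The keychain selection rules (a, b, c) and the "same key on both peers" guideline above are modelled in the following Python, an added example that is not part of the manual or the switch firmware. The default priority of 100, the longest-prefix choice among pre-shared-key address entries, and all keychain names, addresses and keys are constructed assumptions for illustration.

```python
"""Model of the IKE keychain selection rules described in the guide (added example)."""
import hmac
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class IkeKeychain:
    name: str
    order: int                                  # configuration order, smaller = configured earlier
    priority: int = 100                         # priority number (default of 100 is an assumption)
    match_local_address: Optional[str] = None   # set by the match local address command
    pre_shared_keys: dict = field(default_factory=dict)  # "peer-address/prefix" -> simple key

def select_keychain(keychains, local_address):
    """Rules a, b, c: match local address first, then smaller priority, then earlier order."""
    candidates = [k for k in keychains if k.match_local_address in (None, local_address)]
    if not candidates:
        return None
    return min(candidates, key=lambda k: (k.match_local_address is None, k.priority, k.order))

def lookup_psk(keychain, peer_address):
    """Return the key of the address/mask entry covering the peer (longest prefix, assumed)."""
    peer = ip_address(peer_address)
    best = None
    for entry, key in keychain.pre_shared_keys.items():
        net = ip_network(entry, strict=False)
        if peer in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, key)
    return best[1] if best else None

def peers_share_key(kc_a, addr_a, kc_b, addr_b):
    """Guideline 1: authentication can only pass if both peers hold the same pre-shared key."""
    key_a, key_b = lookup_psk(kc_a, addr_b), lookup_psk(kc_b, addr_a)
    return key_a is not None and key_b is not None and hmac.compare_digest(key_a, key_b)

# Constructed sample configuration (not taken from the manual).
KEYCHAINS = [
    IkeKeychain("generic", order=1, pre_shared_keys={"10.0.0.0/8": "k-generic"}),
    IkeKeychain("site-a", order=2, priority=50, match_local_address="10.1.1.1",
                pre_shared_keys={"10.1.1.2/32": "k-site-a", "10.1.0.0/16": "k-site-wide"}),
    IkeKeychain("site-a-dup", order=3, priority=50, match_local_address="10.1.1.1",
                pre_shared_keys={"10.1.1.2/32": "k-site-a"}),
]
PEER_B = IkeKeychain("peer-b", order=1, pre_shared_keys={"10.1.1.1/32": "k-site-a"})

if __name__ == "__main__":
    kc = select_keychain(KEYCHAINS, "10.1.1.1")   # rule c breaks the tie: "site-a" wins
    print(kc.name, lookup_psk(kc, "10.1.1.2"), peers_share_key(kc, "10.1.1.1", PEER_B, "10.1.1.2"))
```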