ikev2 proposal
Use ikev2 proposal to create an IKEv2 proposal and enter its view, or enter the view of an existing IKEv2 proposal.
Use undo ikev2 proposal to delete an IKEv2 proposal.
Syntax
ikev2 proposal proposal-name
undo ikev2 proposal proposal-name
Default
An IKEv2 proposal named default exists, which has the lowest priority and uses the following settings:
In non-FIPS mode:
Encryption algorithm—AES-CBC-128 and 3DES.
Integrity protection algorithm—HMAC-SHA1 and HMAC-MD5.
PRF algorithm—HMAC-SHA1 and HMAC-MD5.
DH group—Group 5 and group 2.
In FIPS mode:
Encryption algorithm—AES-CBC-128 and AES-CTR-128.
Integrity protection algorithm—HMAC-SHA1 and HMAC-SHA256.
PRF algorithm—HMAC-SHA1 and HMAC-SHA256.
DH group—Group 14 and group 19.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
proposal-name: Specifies a name for the IKEv2 proposal. The proposal name is a case-insensitive string of 1 to 63 characters and cannot be default.
Usage guidelines
An IKEv2 proposal contains security parameters used in IKE_SA_INIT exchanges, including the encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups.
An IKEv2 proposal must have a minimum of one set of security parameters, including one encryption algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.
In an IKEv2 proposal, you can specify multiple parameters of the same type. The parameters of different types combine and form multiple sets of security parameters. If you want to use only one set of security parameters, configure only one set of security parameters for the IKEv2 proposal.
Examples
# Create an IKEv2 proposal named prop1. Specify encryption algorithm AES-CBC-128, integrity protection algorithm SHA1, PRF algorithm SHA1, and DH group 2.
<Sysname> system-view [Sysname] ikev2 proposal prop1 [Sysname-ikev2-proposal-prop1] encryption-algorithm aes-cbc-128 [Sysname-ikev2-proposal-prop1] authentication-algorithm sha1 [Sysname-ikev2-proposal-prop1] prf sha1 [Sysname-ikev2-proposal-prop1] dh group2
Related commands
encryption-algorithm
integrity
prf
dh