[x]

IKEv2 commands > ikev2 proposal

 

 Next

ikev2 proposal

Use ikev2 proposal to create an IKEv2 proposal and enter its view, or enter the view of an existing IKEv2 proposal.

Use undo ikev2 proposal to delete an IKEv2 proposal.

Syntax

ikev2 proposal proposal-name

undo ikev2 proposal proposal-name

Default

An IKEv2 proposal named default exists, which has the lowest priority and uses the following settings:

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

proposal-name: Specifies a name for the IKEv2 proposal. The proposal name is a case-insensitive string of 1 to 63 characters and cannot be default.

Usage guidelines

An IKEv2 proposal contains security parameters used in IKE_SA_INIT exchanges, including the encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups.

An IKEv2 proposal must have a minimum of one set of security parameters, including one encryption algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.

In an IKEv2 proposal, you can specify multiple parameters of the same type. The parameters of different types combine and form multiple sets of security parameters. If you want to use only one set of security parameters, configure only one set of security parameters for the IKEv2 proposal.

Examples

# Create an IKEv2 proposal named prop1. Specify encryption algorithm AES-CBC-128, integrity protection algorithm SHA1, PRF algorithm SHA1, and DH group 2.

<Sysname> system-view
[Sysname] ikev2 proposal prop1
[Sysname-ikev2-proposal-prop1] encryption-algorithm aes-cbc-128
[Sysname-ikev2-proposal-prop1] authentication-algorithm sha1
[Sysname-ikev2-proposal-prop1] prf sha1
[Sysname-ikev2-proposal-prop1] dh group2

Related commands

encryption-algorithm

integrity

prf

dh

prev

 

up

 next

ikev2 profile 

home

 inside-vrf

© Copyright 2018 Hewlett Packard Enterprise Development LP