ikev2 proposal

Use ikev2 proposal to create an IKEv2 proposal and enter its view, or enter the view of an existing IKEv2 proposal.

Use undo ikev2 proposal to delete an IKEv2 proposal.


ikev2 proposal proposal-name

undo ikev2 proposal proposal-name


An IKEv2 proposal named default exists, which has the lowest priority and uses the following settings:


System view

Predefined user roles




proposal-name: Specifies a name for the IKEv2 proposal. The proposal name is a case-insensitive string of 1 to 63 characters and cannot be default.

Usage guidelines

An IKEv2 proposal contains security parameters used in IKE_SA_INIT exchanges, including the encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups.

An IKEv2 proposal must have a minimum of one set of security parameters, including one encryption algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.

In an IKEv2 proposal, you can specify multiple parameters of the same type. The parameters of different types combine and form multiple sets of security parameters. If you want to use only one set of security parameters, configure only one set of security parameters for the IKEv2 proposal.


# Create an IKEv2 proposal named prop1. Specify encryption algorithm AES-CBC-128, integrity protection algorithm SHA1, PRF algorithm SHA1, and DH group 2.

<Sysname> system-view
[Sysname] ikev2 proposal prop1
[Sysname-ikev2-proposal-prop1] encryption-algorithm aes-cbc-128
[Sysname-ikev2-proposal-prop1] authentication-algorithm sha1
[Sysname-ikev2-proposal-prop1] prf sha1
[Sysname-ikev2-proposal-prop1] dh group2

Related commands