[x]

IKEv2 commands > integrity

 

 Next

integrity

Use integrity to specify integrity protection algorithms for an IKEv2 proposal.

Use undo integrity to restore the default.

Syntax

In non-FIPS mode:

integrity { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *

undo integrity

In FIPS mode:

integrity { sha1 | sha256 | sha384 | sha512 } *

undo integrity

Default

No integrity protection algorithm is specified for an IKEv2 proposal.

Views

IKEv2 proposal view

Predefined user roles

network-admin

mdc-admin

Parameters

aes-xcbc-mac: Uses the HMAC-AES-XCBC-MAC algorithm.

md5: Uses the HMAC-MD5 algorithm.

sha1: Uses the HMAC-SHA1 algorithm.

sha256: Uses the HMAC-SHA256 algorithm.

sha384: Uses the HMAC-SHA384 algorithm.

sha512: Uses the HMAC-SHA512 algorithm.

Usage guidelines

You must specify a minimum of one integrity protection algorithm for an IKEv2 proposal. Otherwise, the proposal is incomplete and useless. You can specify multiple integrity protection algorithms for an IKEv2 proposal. An algorithm specified earlier has a higher priority.

Examples

# Create an IKEv2 proposal named prop1.

<Sysname> system-view
[Sysname] ikev2 proposal prop1

# Specify HMAC-SHA1 and HMAC-MD5 as the integrity protection algorithms, with HMAC-SHA1 preferred.

[Sysname-ikev2-proposal-prop1] integrity sha1 md5

Related commands

ikev2 proposal

prev

 

up

 next

inside-vrf 

home

 keychain

© Copyright 2018 Hewlett Packard Enterprise Development LP