R3303-HP HSR6800 Routers Security Command Reference

Related commands
authentication-method
pki domain
dh
Use dh to specify the DH group to be used in key negotiation phase 1 for an IKE proposal.
Use undo dh to restore the default.
Syntax
dh { group1 | group2 | group5 | group14 }
undo dh
Default
In FIPS mode, group2 (1024-bit Diffie-Hellman group) is used.
In non-FIPS mode, group1 (768-bit Diffie-Hellman group) is used.
Views
IKE proposal view
Default command level
2: System level
Parameters
group1: Uses the 768-bit Diffie-Hellman group for key negotiation in phase 1. This keyword is not available in FIPS mode.
group2: Uses the 1024-bit Diffie-Hellman group for key negotiation in phase 1.
group5: Uses the 1536-bit Diffie-Hellman group for key negotiation in phase 1.
group14: Uses the 2048-bit Diffie-Hellman group for key negotiation in phase 1.
Examples
# Specify 768-bit Diffie-Hellman for IKE proposal 10.
<Sysname> system-view
[Sysname] ike proposal 10
[Sysname-ike-proposal-10] dh group1
Related commands
ike proposal
display ike proposal
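The following check is an added example, not part of the HP command reference: it reads saved configuration text and reports each IKE proposal whose effective phase 1 DH group is below a minimum size, including proposals with no dh line, which fall back to the default described above. The function name audit_ike_dh, the 2048-bit threshold, and the assumed text layout (sub-commands indented by one space under ike proposal, sections separated by #) are assumptions of this example.

```python
import re

# Bit sizes per keyword, taken from the Parameters list above.
DH_BITS = {"group1": 768, "group2": 1024, "group5": 1536, "group14": 2048}

# Constructed sample configuration text (not captured from a real device).
SAMPLE_CONFIG = """\
#
ike proposal 10
 dh group1
#
ike proposal 20
 authentication-method rsa-signature
#
ike proposal 30
 dh group14
#
ike proposal 40
 dh group5
#
"""

def audit_ike_dh(config_text, fips_mode=False, min_bits=2048):
    """Map proposal number -> (effective group, bits, explicitly set?)
    for every IKE proposal whose phase 1 DH group is below min_bits."""
    # A proposal without a dh line falls back to the documented default.
    default = "group2" if fips_mode else "group1"
    configured = {}   # proposal number -> group keyword, or None if unset
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ike proposal (\d+)", line)
        if m and not raw.startswith(" "):
            current = int(m.group(1))
            configured[current] = None
        elif not raw.startswith(" "):
            current = None            # left the proposal view
        elif current is not None:
            m = re.fullmatch(r"dh (group\d+)", line)
            if m:
                configured[current] = m.group(1)
    findings = {}
    for number, group in configured.items():
        effective = group or default
        bits = DH_BITS.get(effective, 0)   # unknown keyword counts as 0 bits
        if bits < min_bits:
            findings[number] = (effective, bits, group is not None)
    return findings
```

Proposal 20 in the sample has no dh line, so it is reported with the non-FIPS default group1 and the explicit flag set to False.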
display ike dpd
Use display ike dpd to display information about Dead Peer Detection (DPD) detectors.
Syntax
display ike dpd [ dpd-name ] [ | { begin | exclude | include } regular-expression ]