R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

341

342

343

344

345

346

347

348

349

350

334

Usage guidelines

The system provides a default IKE proposal, which has the lowest priority. The following table shows the

default settings for the default IKE proposal in non-FIPS mode and FIPS mode:

Setting Non-FIPS mode FIPS mode

Encryption algorithm DES-CBC AES_CBC_128

Authentication

algorithm

HMAC-SHA1 SHA

Authentication method Pre-shared key Pre-shared key

DH group MODP_768 MODP_1024

SA lifetime 86400 seconds 86400 seconds

Examples

# Create IKE proposal 10 and enter IKE proposal view.

<Sysname> system-view

[Sysname] ike proposal 10

[Sysname-ike-proposal-10]

Related commands

display ike proposal

ike sa keepalive-timer interval

Use ike sa keepalive-timer interval to set the ISAKMP SA keepalive interval.

Use undo ike sa keepalive-timer interval to disable the ISAKMP SA keepalive transmission function.

Syntax

ike sa keepalive-timer interval seconds

undo ike sa keepalive-timer interval

Default

No keepalive packet is sent.

Views

System view

Default command level

2: System level

Parameters

seconds: Specifies the transmission interval of ISAKMP SA keepalives in seconds, in the range of 20 to

28,800.

Usage guidelines

The keepalive interval configured at the local end must be shorter than the keepalive timeout configured

at the remote end.

Examples

# Set the keepalive interval to 200 seconds.