HP VPN Firewall Appliances VPN Command Reference

aes-cbc: Uses the AES algorithm in CBC mode as the encryption algorithm. The AES algorithm uses

128-bit, 192-bit, or 256-bit keys for encryption.

key-length: Key length for the AES algorithm, which can be 128, 192 or 256 bits and is defaulted to 128

bits.

des-cbc: Uses the DES algorithm in CBC mode as the encryption algorithm. The DES algorithm uses

56-bit keys for encryption.

Examples

# Use 56-bit DES in CBC mode as the encryption algorithm for IKE proposal 10.

<Sysname> system-view

[Sysname] ike proposal 10

[Sysname-ike-proposal-10] encryption-algorithm des-cbc

Related commands

• ike proposal

• display ike proposal

exchange-mode

Use exchange-mode to select an IKE negotiation mode.

Use undo exchange-mode to restore the default.

Syntax

exchange-mode { aggressive | main }

undo exchange-mode

Default

Main mode is used.

Views

IKE peer view

Default command level

2: System level

Parameters

aggressive: Aggressive mode. This keyword is not available for FIPS mode.

main: Main mode.

Usage guidelines

When the user (for example, a dial-up user) at the remote end of an IPsec tunnel obtains an IP address

automatically and pre-shared key authentication is used, HP recommends setting the IKE negotiation

mode to aggressive at the local end.

In FIPS mode, the device cannot initiate or respond to an aggressive-mode IKE negotiation.

Examples

# Specify that IKE negotiation operates in main mode.

<Sysname> system-view

[Sysname] ike peer peer1