Command Reference Guide
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 6 IKE Configuration Commands
3Com Corporation
6-14
Use the undo ike proposal command to delete an IKE proposal.
The system provides a default IKE proposal with the lowest priority.
Executing this command in system view will enter the IKE proposal view, where you
can set parameters such as authentication method, encryption algorithm,
authentication algorithm, DH group ID, and sa duration for this IKE proposal using the
authentication-method, encryption-algorithm, dh, authentication-algorithm, and
sa duration command.
The Default IKE proposal has the following default parameters:
Encryption algorithm: DES-CBC
Authentication algorithm: HMAC-SHA1
Authentication method: Pre-Shared Key
DH group ID: MODP_768
SA duration: 86400 seconds
These parameters will be used to establish a security tunnel once these parameters are
confirmed by the both sides of the negotiation.
Both sides of the negotiation can be configured more than one IKE proposal. During the
negotiation, the IKE proposals in both sides are selected to match one by one, by turns
of their priority levels. The parameters that must be same during the match are
encryption algorithm, authentication algorithm, authentication method, and DH group.
The sa duration is decided by the initiator of the negotiation, needing no agreement.
Related command: authentication-algorithm, encryption-algorithm, dh,
authentication-algorithm, sa duration, display ike policy.
Example
# Define IKE proposal 10.
[3Com] ike proposal 10
[3Com-ike-proposal-10] authentication-algorithm md5
[3Com-ike-proposal-10] authentication-method pre-share
[3Com-ike-proposal-10] sa duration 5000
6.1.16 ike sa keepalive-timer interval
Syntax
ike sa keepalive-timer interval seconds
undo ike sa keepalive-timer interval
View
System view