R2511-HP MSR Router Series Security Command Reference(V5)
279
Usage guidelines
A stronger algorithm provides higher security but requires more resources. The algorithms, in ascending
order of security strength, include DES, 3DES, 128-bit AES-CBC, 192-bit AES-CBC, 256-bit AES-CBC.
You can specify multiple encryption algorithms for an IKEv2 proposal. An algorithm specified earlier has
a higher priority.
IMPORTANT:
You must specify at least one encryption algorithm for an IKEv2 proposal. Otherwise, the proposal is
incomplete and useless.
Examples
# Create an IKEv2 proposal named prop1.
<Sysname> system-view
[Sysname] ikev2 proposal prop1
# Specify the encryption algorithms AES-CBC-192 and 3DES for the proposal, with AES-CBC-192
preferred.
[Sysname-ikev2-proposal-prop1] encryption aes-cbc-192 3des-cbc
Related commands
• ikev2 proposal
• display ikev2 proposal
group (ikev2 proposal view)
Use group to specify DH groups for an IKEv2 proposal.
Use undo group to restore the default.
Syntax
group { 1 | 2 | 5 | 14 } *
undo group
Default
An IKEv2 proposal has no DH group.
Views
IKEv2 proposal view
Default command level
2: System level
Parameters
1: Uses the 768-bit Diffie-Hellman (DH) group.
2: Uses the 1024-bit DH group.
5: Uses the 1536-bit DH group.
14: Uses the 2048-bit DH group.
Usage guidelines
A DH group with a longer key provides higher security but requires more resources.