R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

301

302

303

304

305

306

307

308

309

310

290

• DH groups 2 and 5　

A complete IKEv2 proposal must have at least one set of security parameters, including one encryption

algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.

In an IKEv2 proposal, you can configure multiple algorithms of the same type. As a result, you get

multiple sets of security parameters, which are combinations of the algorithms. If you want to use only

one set of security parameters, configure only one set of algorithms for the IKEv2 proposal.

Examples

# Configure an IKEv2 proposal named prop1 that includes the encryption algorithm AES-CBC-128,

integrity protection algorithm SHA1, PRF algorithm SHA1, and DH group 2.

<Sysname> system-view

[Sysname] ikev2 proposal prop1

[Sysname-ikev2-proposal-prop1] encryption aes-cbc-128

[Sysname-ikev2-proposal-prop1] integrity sha1

[Sysname-ikev2-proposal-prop1] prf sha1

[Sysname-ikev2-proposal-prop1] group 2

# Configure an IKEv2 proposal named prop2 that includes the encryption algorithms AES-CBC-128 and

3DES-CBC, integrity protection algorithms SHA1 and MD5, PRF algorithms SHA1 and MD5, and DH

group 2.

<Sysname> system-view

[Sysname] ikev2 proposal prop2

[Sysname-ikev2-proposal-prop2] encryption aes-cbc-128 3des-cbc

[Sysname-ikev2-proposal-prop2] integrity sha1 md5

[Sysname-ikev2-proposal-prop2] prf sha1 md5

[Sysname-ikev2-proposal-prop2] group 2

After the previous configuration, IKEv2 proposal prop2 has the following sets of security parameters

(encryption algorithm, integrity protection algorithm, PRF algorithm, and DH group, from left to right):

• AES　 -CBC-128, SHA1, SHA1, 2

• AES-CBC-128, MD5, MD5, 2

• 3DES-CBC, SHA1, SHA1, 2

• 3DES-CBC, MD5, MD5, 2

• AES-CBC-128, SHA1, MD5, 2

• AES　 -CBC-128, MD5, SHA1, 2

• 3DES　 -CBC, SHA1, MD5, 2

• 3DES-CBC, MD5, SHA1, 2

# On the intended IKEv2 negotiation initiator, configure an IKEv2 proposal named propa that includes

the encryption algorithms AES-CBC-128 and 3DES-CBC, integrity protection algorithms SHA1 and MD5,

PRF algorithms SHA1 and MD5, and DH groups 2 and 5.

<Sysname> system-view

[Sysname] ikev2 proposal prop1

[Sysname-ikev2-proposal-prop1] encryption aes-cbc-128 3des-cbc

[Sysname-ikev2-proposal-prop1] integrity sha1 md5

[Sysname-ikev2-proposal-prop1] prf sha1 md5

[Sysname-ikev2-proposal-prop1] group 2 5