R2511-HP MSR Router Series Security Command Reference(V5)
291
# On the intended IKEv2 negotiation responder, configure an IKEv2 proposal named propb that includes
the encryption algorithms AES-CBC-128 and 3DES, integrity protection algorithms MD5 and SHA1, PRF
algorithms MD5 and SHA1, and DH groups 5 and 2.
<Sysname> system-view
[Sysname] ikev2 proposal prop1
[Sysname-ikev2-proposal-prop1] encryption 3des-cbc aes-cbc-128
[Sysname-ikev2-proposal-prop1] integrity md5 sha1
[Sysname-ikev2-proposal-prop1] prf md5 sha1
[Sysname-ikev2-proposal-prop1] group 5 2
Because the initiator's parameters are preferred, the negotiated algorithms are as follows:
• Encryption algorithm AES-CBC-128
• Integrity protection algorithm SHA1
• PRF algorithm SHA1
• DH group 2
Related commands
• display ikev2 proposal
• encryption
• integrity
• prf
• group
integrity
Use integrity to specify integrity protection algorithms for an IKEv2 proposal.
Use undo integrity to restore the default.
Syntax
integrity { aes-xcbc-mac | md5 | sha1 | sha2-256 } *
undo integrity
Default
An IKEv2 proposal has no integrity protection algorithm.
Views
IKEv2 proposal view
Default command level
2: System level
Parameters
aes-xcbc-mac: Uses the AES-XCBC-MAC algorithm.
md5: Uses the MD5 algorithm.
sha1: Uses the SHA1 algorithm.
sha2-256: Uses the SHA2-256 algorithm.