R2511-HP MSR Router Series Security Configuration Guide(V5)

Configuring an address pool for assigning addresses to initiators
You can configure an address pool on the device so that the device, when working as the IKEv2 negotiation
responder, can assign addresses to negotiation initiators.
To configure an address pool for IKEv2 to use to assign addresses to initiators:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Configure an address pool for IKEv2 to use to assign addresses to initiators.
  Command: ikev2 { ip-pool pool-name ipv4-start-address ipv4-end-address | ipv6-pool pool-name ipv6-start-address ipv6-end-address }
  Remarks: By default, no address pool exists.

NOTE:
The device supports assigning an IPv6 address to an IKEv2 negotiation initiator. You can configure an IPv4
address pool, but the configuration does not take effect.

Configuring an IKEv2 proposal
An IKEv2 proposal comprises security parameters used in IKE_SA_INIT exchanges, including the
encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups. An algorithm
configured earlier has a higher priority.
A complete IKEv2 proposal must have at least one set of security parameters, including one encryption
algorithm, one integrity protection algorithm, one PRF algorithm, and one DH group.
To configure an IKEv2 proposal:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an IKEv2 proposal and enter IKEv2 proposal view.
  Command: ikev2 proposal proposal-name
  Remarks: The device has a system predefined IKEv2 proposal named default. This proposal has the lowest priority and uses these settings:
    Encryption algorithms DES-CBC-128 and 3DES.
    Integrity protection algorithms SHA1 and MD5.
    PRF algorithms SHA1 and MD5.
    DH groups 2 and 5.
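
An added example, not part of the HP guide and not HP code: a Python check that applies the completeness rule above (at least one algorithm of each of the four types) and flags the predefined default proposal's algorithms against the implementation requirements in RFC 8247. The dictionary layout, the function name, and the constructed INCOMPLETE proposal are assumptions for illustration; the default proposal's labels are copied as printed on this page, and treating their listed order as priority order is also an assumption.

```python
"""Added example: audit an IKEv2 proposal (illustrative, not HP code)."""

REQUIRED = ("encryption", "integrity", "prf", "dh_group")

# Implementation status from RFC 8247, keyed by algorithm family.
# "MUST-" is the RFC's notation for a MUST that is expected to be downgraded.
WEAK = {
    "encryption": {"DES": "MUST NOT", "3DES": "MAY"},
    "integrity": {"MD5": "MUST NOT", "SHA1": "MUST-"},
    "prf": {"MD5": "MUST NOT", "SHA1": "MUST-"},
    "dh_group": {"1": "MUST NOT", "2": "SHOULD NOT", "5": "SHOULD NOT"},
}

# Predefined "default" proposal, labels copied as printed on this page.
# Using the listed order as the priority order is an assumption.
DEFAULT_PROPOSAL = {
    "encryption": ["DES-CBC-128", "3DES"],
    "integrity": ["SHA1", "MD5"],
    "prf": ["SHA1", "MD5"],
    "dh_group": [2, 5],
}

# Constructed sample with no PRF; these labels are assumptions, not taken
# from the device's command set.
INCOMPLETE = {"encryption": ["AES-CBC-256"], "integrity": ["SHA256"], "dh_group": [14]}


def audit_proposal(proposal):
    """Return (missing_types, findings) for a dict of ordered algorithm lists.

    List order models configuration order: rank 1 was configured first and
    therefore has the highest priority.
    """
    missing = [kind for kind in REQUIRED if not proposal.get(kind)]
    findings = []
    for kind in REQUIRED:
        for rank, name in enumerate(proposal.get(kind, []), start=1):
            family = str(name).upper().split("-")[0]  # "DES-CBC-128" -> "DES"
            status = WEAK[kind].get(family)
            if status:
                findings.append((kind, rank, str(name), status))
    return missing, findings


if __name__ == "__main__":
    for label, prop in (("default", DEFAULT_PROPOSAL), ("incomplete", INCOMPLETE)):
        missing, findings = audit_proposal(prop)
        print(f"{label}: missing types = {missing or 'none'}")
        for kind, rank, name, status in findings:
            print(f"  {kind} priority {rank}: {name} is {status} in RFC 8247")
```

Every algorithm in the default proposal is reported, so a peer that negotiates down to it ends up on a deprecated suite; a proposal created with ikev2 proposal takes priority over it because default has the lowest priority.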