R2511-HP MSR Router Series Security Configuration Guide(V5)
231
Displaying and maintaining IKEv2
Task Command
Remarks
Display IKEv2 profile
configuration information.
display ikev2 profile [ profile-name] [ |
{ begin | exclude | include }
regular-expression ]
Available in any view.
Display IKEv2 policy
configuration information.
display ikev2 policy [ policy-name |
default ] [ | { begin | exclude | include }
regular-expression ]
Available in any view.
Display the current IKEv2 SA
information.
display ikev2 sa [ { local | remote }
{ ipv4-address | ipv6 ipv6-address } ]
[ verbose ] [ | { begin | exclude | include }
regular-expression ]
Available in any view.
Display the IKEv2 proposal
configuration information.
display ikev2 proposal [ proposal-name |
default] [ | { begin | exclude | include }
regular-expression ]
Available in any view.
Display IKEv2 negotiation
statistics.
display ikev2 statistics [ | { begin | exclude
| include } regular-expression ]
Available in any view.
Reset IKEv2 negotiation statistics. reset ikev2 statistics Available in user view.
Delete IKEv2 SAs and the IPsec
SAs negotiated by them.
reset ikev2 sa [ { local-address |
remote-address } { ipv4-address | ipv6
ipv6-address } ]
Available in user view.
IKEv2 configuration examples
Configuring IKEv2 pre-shared key authentication
Network requirements
An IPsec tunnel is required between Router A and Router B to protect the traffic between subnet
10.1.1.0/24 and subnet 10.1.2.0/24. The specific requirements are as follows:
• Use IKEv2 to dynamically negotiate keys and establish and maintain IPsec SAs.
• Configure IKEv2 to use the encryption algorithm AES-CBC-192, integrity protection algorithm MD5,
PRF algorithm MD5, and 1024-bit DH group.
• Set both the local and remote authentication methods to pre-shared key.