4000 Router Series Security Command Reference

268

ike profile

Use ike profile to create an IKE profile and enter IKE profile view.

Use undo ike profile to delete an IKE profile.

Syntax

ike profile profile-name

undo ike profile profile-name

Default

No IKE profile is configured.

Views

System view

Predefined user roles

network-admin

Parameters

profile-name: Specifies an IKE profile name, a case-insensitive string of 1 to 63 characters.

Examples

# Create IKE profile 1 and enter its view.

<Sysname> system-view

[Sysname] ike profile 1

[Sysname-ike-profile-1]

ike proposal

Use ike proposal to create an IKE proposal and enter IKE proposal view.

Use undo ike proposal to delete an IKE proposal.

Syntax

ike proposal proposal-number

undo ike proposal proposal-number

Default

The system has an IKE proposal that is used as the default IKE proposal. This proposal has the lowest

priority and uses the following settings:

• Encryption algorithm—DES-CBC in non-FIPS mode and AES-CBC-128 in FIPS mode.

• Authentication method—HMAC-SHA1.

• Authentication algorithm—Pre-shared key authentication.

• DH group—Group 1 in non-FIPS mode and group14 in FIPS mode.

• IKE SA lifetime—86400 seconds.

You cannot change the settings of the default IKE proposal.