Manualshelf

R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
361362363364365366367368369370
349
IKE commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
By default, the device provides low encryption. To obtain high encryption, you must install the Strong
Cryptography feature license. This feature provides stronger cryptography, additional IPsec tunnels, and
higher encryption performance. For more information about obtaining the Strong Cryptography feature
license, see the release notes or contact your HP sales representative.
Support for features, commands, and parameters differs with the cryptography capability.
authentication-algorithm
Use authentication-algorithm to specify an authentication algorithm for an IKE proposal.
Use undo authentication-algorithm to restore the default.
Syntax
In non-FIPS mode:
authentication-algorithm { md5 | sha }
undo authentication-algorithm
In FIPS mode:
authentication-algorithm sha
undo authentication-algorithm
Default
The IKE proposal uses the authentication algorithm of HMAC-SHA1.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
md5: Specifies HMAC-MD5 as the authentication algorithm.
sha: Specifies HMAC-SHA1 as the authentication algorithm.
Examples
# Specify HMAC-SHA1 as the authentication algorithm for IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] authentication-algorithm sha
Related commands
display ike proposal