580
Examples
# Create an IKEv2 profile named
profile1
.
<Sysname> system-view
[Sysname] ikev2 profile profile1
# Specify the inside VPN instance
vpn1
.
[Sysname-ikev2-profile-profile1] inside-vrf vpn1
integrity
Use
integrity
to specify integrity protection algorithms for an IKEv2 proposal.
Use
undo integrity
to restore the default.
Syntax
In non-FIPS mode:
integrity
{
aes-xcbc-mac
|
md5
|
sha1
|
sha256
|
sha384
|
sha512
} *
undo integrity
In FIPS mode:
integrity
{
sha1
|
sha256
|
sha384
|
sha512
} *
undo integrity
Default
No integrity protection algorithm is specified for an IKEv2 proposal.
Views
IKEv2 proposal view
Predefined user roles
network-admin
Parameters
aes-xcbc-mac
: Uses the HMAC-AES-XCBC-MAC algorithm.
md5
: Uses the HMAC-MD5 algorithm.
sha1
: Uses the HMAC-SHA1 algorithm.
sha256
: Uses the HMAC-SHA256 algorithm.
sha384
: Uses the HMAC-SHA384 algorithm.
sha512
: Uses the HMAC-SHA512 algorithm.
Usage guidelines
You must specify a minimum of one integrity protection algorithm for an IKEv2 proposal. Otherwise,
the proposal is incomplete and useless. You can specify multiple integrity protection algorithms for
an IKEv2 proposal. An algorithm specified earlier has a higher priority.
Examples
# Create an IKEv2 proposal named
prop1
.
<Sysname> system-view
[Sysname] ikev2 proposal prop1
# Specify HMAC-SHA1 and HMAC-MD5 as the integrity protection algorithms, with HMAC-SHA1
preferred.
[Sysname-ikev2-proposal-prop1] integrity sha1 md5
Summary of Contents for FlexNetwork MSR Series
Page 1005: ...987 ...