authentication-method (ike)

Function

The authentication-method command specifies the authentication method used in Internet Key Exchange (IKE) proposal.

The undo authentication-method command restores the default setting.

By default, pre-share is used as the authentication method.

This command is supported only on the NetEngine 8000 F1A.

Format

authentication-method { pre-share | rsa-sig | rsassa-pss { sha2-256 | sha2-384 } }

undo authentication-method

Parameters

Parameter	Description	Value
pre-share	Indicates pre-shared key as the authentication method. The pre-share key must be specified through the pre-shared-key command if the authentication mode is set to pre-share. Otherwise, IKE SAs cannot be created.	-
rsa-sig	Indicates rsa-sig cert key as the authentication method.	-
rsassa-pss	Indicates rsassa-pss cert key as the authentication method. The hash algorithm can be: sha2-256. sha2-384.	-

Parameter

Description

Value

pre-share

Indicates pre-shared key as the authentication method.

The pre-share key must be specified through the pre-shared-key command if the authentication mode is set to pre-share. Otherwise, IKE SAs cannot be created.

rsa-sig

Indicates rsa-sig cert key as the authentication method.

rsassa-pss

Indicates rsassa-pss cert key as the authentication method. The hash algorithm can be:

sha2-256.
sha2-384.

Views

IKE proposal view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
ike	write

Usage Guidelines

If certificate authentication is configured, run the undo pki crl check enable command to disable CRL check. Otherwise, SAs fail to be created.

Example

# Set rsa-sig as the authentication method for IKE proposal 10.

<HUAWEI> system-view
[~HUAWEI] ike proposal 10
[*HUAWEI-ike-proposal-10] authentication-method rsa-sig