ike-proposal

Function

The ike-proposal command configures a proposal for the IKE negotiation.

The undo ike-proposal command restores the default setting.

By default, the IKE proposal for the IKE peer is not set.

This command is supported only on the NetEngine 8000 F1A.

Format

ike-proposal { proposal-number | default }

undo ike-proposal

Parameters

Parameter Description Value
proposal-number

Indicates the IKE proposal to be used in the negotiation.

It is an integer that ranges from 1 to 100.
default

Indicates that the default IKE proposal is used. The system provides three default IKE proposals. If no IKE proposal is created, defult1, eflut2, and deflut3 are used. The default IKE proposals contain insecure algorithms. To ensure better security, you are advised not to use the default IKE proposals.

-

Views

IKE peer view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ike write

Usage Guidelines

Before running this command, you must have configured an IKE proposal or run the ike-proposal default command to use the default IKE proposal provided by the system.

Example

# Configure a proposal 20 to be used in IKE negotiation.
<HUAWEI> system-view
[~HUAWEI] ike proposal 20
[*HUAWEI-ike-proposal-20] authentication-method pre-share
[*HUAWEI-ike-proposal-20] authentication-algorithm sha2-256
[*HUAWEI-ike-proposal-20] dh group14
[*HUAWEI-ike-proposal-20] quit
[*HUAWEI] commit
[~HUAWEI] ike peer peer1
[*HUAWEI-ike-peer-peer1] ike-proposal 20
# Configure default proposal to be used in IKE negotiation.
<HUAWEI> system-view
[~HUAWEI] ike peer peer1
[*HUAWEI-ike-peer-peer1] ike-proposal default
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >