proposal (ike)
Function
The proposal command sets the proposal used by the IPSec policy.
The undo proposal command restores the default setting.
By default, the proposal for the IPSec policy is not set.
This command is supported only on the NetEngine 8000 F1A.
Parameters
| Parameter | Description | Value |
|---|---|---|
| prop-name1 |
Indicates the name of the proposal. |
It is a string of 1 to 15 case sensitive characters. |
| prop-name2 |
Indicates the name of the proposal. |
It is a string of 1 to 15 case sensitive characters. |
| prop-name3 |
Indicates the name of the proposal. |
It is a string of 1 to 15 case sensitive characters. |
| prop-name4 |
Indicates the name of the proposal. |
It is a string of 1 to 15 case sensitive characters. |
| prop-name5 |
Indicates the name of the proposal. |
It is a string of 1 to 15 case sensitive characters. |
| prop-name6 |
Indicates the name of the proposal. |
It is a string of 1 to 15 case sensitive characters. |
Usage Guidelines
Usage Scenario
proposal command is used to bind IPSec proposal to the policy in ISAKMP mode or policy template.
You can configure maximum of 6 proposals and all the proposals should be negotiated during IKE negotiation. The authentication algorithms MD5 and SHA1 have a low security, which may bring security risks. If protocols allowed, using more secure authentication algorithms, such as SHA2, is recommended. The encryption algorithms DES/3DES have a low security, which may bring security risks. If protocols allowed, using more secure encryption algorithms, such as AES, is recommended.Prerequisites
Before using proposal command, the corresponding IPSec proposal must be configured using ipsec proposal command.