ike profile
Use this command to configure an IKE Phase 1 profile.
Syntax
-
default ike profile
WORD<1–32> [dh-group] [encrypt-algo] [encrypt-key-len] [hash-algo]
[lifetime-sec]
-
ike profile
WORD<1–32>
-
ike profile
WORD<1–32> dh-group <modp768 | modp1024 | modp2048 | any>
-
ike profile
WORD<1–32> encrypt-algo <desCbc | 3DesCbc | aesCbc | any>
-
ike profile
WORD<1–32> encrypt-key-len <128 | 192 | 256>
-
ike profile
WORD<1–32> hash-algo <MD5 | SHA | SHA256 | any>
-
ike profile
WORD<1–32> lifetime-sec <0-4294967295>
-
no ike profile
WORD<1–32>
Command Parameters
- dh-group <modp768|modp1024|modp2048|any>
- Specifies the Diffie-Hellman (DH)
group. DH groups categorize the key used in the key exchange process, by its
strength. The key from a higher group number is more secure. The default value is
modp2048.
- encrypt-algo <desCbc|3DesCbc|aesCbc|any>
- Specifies the type of encryption
algorithm. The default value is aesCbc.
- encrypt-key-len <128|192|256>
- Specifies the length of the
encryption key. The default is 256.
- hash-algo <md5|sha|sha256|any>
- Specifies the type of hash
algorithm. The default value is sha256.
- lifetime-sec <0-4294967295>
- Specifies the lifetime value in
seconds. The lifetime ensures that the peers renegotiate the SAs just before the
expiry of the lifetime value, to ensure that Security Associations are not
compromised. The default value is 86400 seconds.
- WORD<1–32>
- Specifies the IKE profile
name.
Command Mode
Global Configuration
