ike profile
Use this command to configure an IKE Phase 1 profile.
Syntax
-
default ike profile
WORD<1–32> [dh-group] [encrypt-algo] [encrypt-key-len] [hash-algo]
[lifetime-sec]
-
ike profile
WORD<1–32>
-
ike profile
WORD<1–32> dh-group <modp768 | modp1024 | modp2048 | any>
-
ike profile
WORD<1–32> encrypt-algo <desCbc | 3DesCbc | aesCbc | any>
-
ike profile
WORD<1–32> encrypt-key-len <128 | 192 | 256>
-
ike profile
WORD<1–32> hash-algo <MD5 | SHA | SHA256 | any>
-
ike profile
WORD<1–32> lifetime-sec <0-4294967295>
-
no ike profile
WORD<1–32>
Command Parameters
- dh-group <modp768|modp1024|modp2048|any>
- Specifies the Diffie-Hellman (DH)
group. DH groups categorize the key used in the key exchange process, by its
strength. The key from a higher group number is more secure. The default value is
modp2048.
- encrypt-algo <desCbc|3DesCbc|aesCbc|any>
- Specifies the type of encryption
algorithm. The default value is aesCbc.
- encrypt-key-len <128|192|256>
- Specifies the length of the
encryption key. The default is 256.
- hash-algo <md5|sha|sha256|any>
- Specifies the type of hash
algorithm. The default value is sha256.
- lifetime-sec <0-4294967295>
- Specifies the lifetime value in
seconds. The lifetime ensures that the peers renegotiate the SAs just before the
expiry of the lifetime value, to ensure that Security Associations are not
compromised. The default value is 86400 seconds.
- WORD<1–32>
- Specifies the IKE profile
name.
Command Mode
Global Configuration
Usage Guidelines
DEMO FEATURE - Secure AAA server
communication is a demonstration feature on some products. Demonstration features are
provided for testing purposes. Demonstration features are for lab use only and are not for
use in a production environment. For more information on feature support, see Fabric Engine and VOSS Feature Support Matrix.
