Configure an IKEv2 Profile

About this task

Use the following procedure to configure an IKEv2 profile.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an IKEv2 profile:

    ike v2-profile WORD<1–32>

  3. Configure the IKEv2 profile hash algorithm:

    ike v2-profile WORD<1–32> hash-algo <md5|sha|sha256|any>

  4. Configure the IKEv2 profile encryption algorithm:

    ike v2-profile WORD<1–32> encrypt-algo <desCbc|3DesCbc|aesCbc|any>

  5. Configure the IKEv2 profile integrity algorithm:

    ike v2-profile WORD<1–32> integrity-algo <hmac-md5|hmac-sha|hmac-sha256|aes-xcbc|any>

  6. Configure the IKEv2 profile DH group:

    ike v2-profile WORD<1–32> dh-group <modp768|modp1024|modp2048|any>

  7. Configure the IKEv2 profile encryption key length:

    ike v2-profile WORD<1–32> encrypt-key-len <128|192|256>

  8. Configure the IKEv2 profile lifetime, in seconds:

    ike v2-profile WORD<1–32> lifetime-sec <0-4294967295>

  9. Optional: Delete the IKEv2 profile:

    no ike v2-profile WORD<1–32>

Variable Definition

The following table defines parameters for the ike v2-profile commands.

Variable

Value

profile WORD<1–32>

Specifies the IKEv2 profile name.

hash-algo <md5|sha|sha256|any>

Specifies the type of hash algorithm. The default value is sha256. To set this option to the default value, use the default operator with the command: default ike v2-profile WORD<1–32> hash-algo

encrypt-algo <desCbc|3DesCbc|aesCbc|any>

Specifies the type of encryption algorithm. The default value is aesCbc. To set this option to the default value, use the default operator with the command: default ike v2-profile WORD<1–32> encrypt-algo

integrity-algo <hmac-md5|hmac-sha|hmac-sha256|aes-xcbc|any>

Specifies the type of integrity algorithm. The default is sha256. To set this option to the default value, use the default operator with the command: default ike v2-profile WORD<1–32> integrity-algo

dh-group <modp768|modp1024|modp2048|any>

Specifies the Diffie-Hellman (DH) group. DH groups categorize the key used in the key exchange process by its strength. A key from a higher group number is more secure. The default value is modp2048. To set this option to the default value, use the default operator with the command: default ike v2-profile WORD<1–32> dh-group

encrypt-key-len <128|192|256>

Specifies the length of the encryption key. The default is 256. To set this option to the default value, use the default operator with the command: default ike v2-profile WORD<1–32> encrypt-key-len

lifetime-sec <0-4294967295>

Specifies the lifetime value in seconds. The peers renegotiate the SAs just before the lifetime value expires, to ensure that Security Associations are not compromised. The default value is 86400 seconds. To set this option to the default value, use the default operator with the command: default ike v2-profile WORD<1–32> lifetime-sec
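
Example (added here, not part of the vendor documentation): a Python audit that reads ike v2-profile lines in the syntax from the procedure above, fills in unset parameters with the defaults from the table, and reports weak selections. The WEAK policy, the reading of "any" as allowing every listed algorithm, and the sample profile names are assumptions of this example.

```python
import re

# Defaults as stated in the variable definitions on this page.
DEFAULTS = {"hash-algo": "sha256", "encrypt-algo": "aesCbc",
            "integrity-algo": "sha256", "dh-group": "modp2048",
            "encrypt-key-len": "256", "lifetime-sec": "86400"}

# Example policy (an assumption, not vendor guidance): values to reject.
# "any" is assumed to permit every listed option, including the weak ones.
WEAK = {"hash-algo": {"md5", "any"},
        "encrypt-algo": {"desCbc", "3DesCbc", "any"},
        "integrity-algo": {"hmac-md5", "any"},
        "dh-group": {"modp768", "modp1024", "any"}}

LINE = re.compile(r"^\s*(no\s+)?ike v2-profile (\S{1,32})(?:\s+(\S+)\s+(\S+))?\s*$")

def parse_profiles(config_text):
    """Return {profile name: effective settings}, applying the page defaults."""
    profiles = {}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        negated, name, key, value = m.groups()
        if negated:
            profiles.pop(name, None)  # 'no ike v2-profile NAME' deletes it
            continue
        settings = profiles.setdefault(name, dict(DEFAULTS))
        if key in DEFAULTS:
            settings[key] = value
    return profiles

def audit(config_text):
    """Return sorted (profile, parameter, value) findings for weak settings."""
    return sorted((name, key, s[key])
                  for name, s in parse_profiles(config_text).items()
                  for key, bad in WEAK.items() if s[key] in bad)

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ike v2-profile branch1
ike v2-profile branch1 hash-algo md5
ike v2-profile branch1 dh-group modp1024
ike v2-profile hq
ike v2-profile hq encrypt-algo any
ike v2-profile old encrypt-algo desCbc
no ike v2-profile old
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Profiles that leave a parameter unset are evaluated with the default value from the table, so a profile created with only its name produces no findings.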