CHAPTER 41: CONFIGURING IKE

The system creates only the default IKE security policy that cannot be deleted or modified by users.

Selecting an Encryption Algorithm

The two types of encryption algorithms that are supported are the 56-bit DES-Cipher Block Chaining (DES-CBC) algorithm and the 168-bit 3DES-CBC algorithm. Before being encrypted, each plain text block is XORed with an encryption block, so the same plain text block never maps to the same encrypted block, which enhances security.

Perform the following configurations in IKE proposal view.

Table 657 Select Encryption Algorithm

Operation                                            Command
Select encryption algorithm                          encryption-algorithm { des-cbc | 3des-cbc }
Set the encryption algorithm to the default value    undo encryption-algorithm

By default, the DES-CBC encryption algorithm (i.e., parameter des-cbc) is adopted.

Selecting an Authentication Algorithm

Pre-shared key is the only supported authentication algorithm.

Perform the following configurations in IKE proposal view.

Table 658 Select Authentication Method

Operation                                                  Command
Select authentication method                               authentication-method pre-share
Restore the authentication method to the default value     undo authentication-method pre-share

By default, the pre-shared key (i.e., pre-share) algorithm is adopted.

Configuring Pre-shared Key

If the pre-shared key authentication method is selected, it is necessary to configure a pre-shared key.

Perform the following configurations in system view.

Table 659 Configure Pre-shared Key

Operation                                            Command
Configure pre-shared key                             ike pre-shared-key key remote remote-address
Delete pre-shared key to restore its default value   undo ike pre-shared-key key remote remote-address

By default, both ends of the security channel have no pre-shared keys.
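
The following added example is not from the manual. It replays IKE commands in the order typed and reports each proposal's effective encryption algorithm, applying the DES-CBC default when encryption-algorithm is absent or undone, along with the remote addresses that still have a pre-shared key. The "ike proposal <n>" and "quit" navigation commands, the sample command list, keys and addresses are assumptions constructed for illustration.

```python
DEFAULT_ENCRYPTION = "des-cbc"  # default stated in this section
WEAK = {"des-cbc"}              # 56-bit DES, the weaker of the two supported

# Constructed sample (commands as typed, not captured from a device).
# "ike proposal <n>" and "quit" are assumed navigation commands; the keys
# and addresses are placeholders.
SAMPLE_COMMANDS = """
ike proposal 10
 encryption-algorithm 3des-cbc
 quit
ike proposal 20
 authentication-method pre-share
 quit
ike proposal 30
 encryption-algorithm 3des-cbc
 undo encryption-algorithm
 quit
ike pre-shared-key EXAMPLE-KEY-1 remote 192.0.2.1
ike pre-shared-key EXAMPLE-KEY-2 remote 192.0.2.2
undo ike pre-shared-key EXAMPLE-KEY-2 remote 192.0.2.2
"""

def audit(commands):
    """Replay commands; return ({proposal: encryption}, {remotes with a key})."""
    proposals, remotes, current = {}, set(), None
    for words in (line.split() for line in commands.splitlines()):
        if len(words) == 3 and words[:2] == ["ike", "proposal"]:
            current = words[2]
            proposals.setdefault(current, DEFAULT_ENCRYPTION)
        elif words == ["quit"]:
            current = None
        elif current and len(words) == 2 and words[0] == "encryption-algorithm":
            proposals[current] = words[1]
        elif current and words == ["undo", "encryption-algorithm"]:
            proposals[current] = DEFAULT_ENCRYPTION
        elif len(words) == 5 and words[:2] == ["ike", "pre-shared-key"]:
            remotes.add(words[4])        # ike pre-shared-key key remote addr
        elif len(words) == 6 and words[:3] == ["undo", "ike", "pre-shared-key"]:
            remotes.discard(words[5])    # undo removes the key for that peer
    return proposals, remotes

def weak_proposals(commands):
    """Proposal numbers whose effective encryption is 56-bit DES-CBC."""
    return sorted(n for n, alg in audit(commands)[0].items() if alg in WEAK)

if __name__ == "__main__":
    proposals, remotes = audit(SAMPLE_COMMANDS)
    print("effective encryption:", proposals)
    print("weak (56-bit DES):", weak_proposals(SAMPLE_COMMANDS))
    print("remotes with a pre-shared key:", sorted(remotes))
```

Proposal 20 never names an algorithm and proposal 30 undoes its 3des-cbc setting, so both end up on the 56-bit default.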

Selecting the Hashing Algorithm

Hashing algorithms use the HMAC framework to achieve their function. The HMAC algorithm adopts an encryption hashing function to authenticate messages, providing a framework into which various hashing algorithms, such as SHA-1 and MD5, can be inserted.

3Com 10014299 manual Selecting an Authentication Algorithm, Select Encryption Algorithm, Select Authentication Method