Configuration - IPSec Mode

group

Use the IPSec group command to define the Diffie-Hellman (DH) group identifier for phase-1. Note: More than one group can be enabled. To disable a DH identifier, see no group command on page 14-13.

Syntax: (config-ipsec {n})# group {125}

Field

Definition

 

1

Set to DH group 1

(768 bit).

 

 

 

2

Set to DH group 2

(1024 bit). Default is enabled.

 

 

5

Set to DH group 25 (1536 bit). Default is enabled.

 

 

 

Example: (config-ipsec-1)# group 1

Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR

hash

Use the IPSec hash command to specify a hash algorithm. To disable a hash algorithm, see no hash command on page 14-14.

Syntax: (config-ipsec {n})# hash {md5sha}

Field

md5

sha

Definition

Set to allow peers to use MD5.

Set to allow peers to use SHA1. SHA = Secure Hash Algorithm.

Example: (config-ipsec-1)# hash md5

Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR

14-6

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI

Page 326
Image 326
Carrier Access none manual Group, Hash, Md5 Sha