25-89
Cisco Prime Network 4.0 User Guide
OL-29343-01
Chapter 25 Monitoring Mobile Technologies LTE Networks
Table 25-54 IKEv2 IPSec Transform Set/IKE v2 Transform set Details
Field Description
Name The name of the transform set.
DH Group The Diffie-Hellman (DH) group for the transform set, which can be any one
of the following:
1—Configure Diffie-Hellman Group 1:768-bit MODP Group
14—Configure Diffie-Hellman Group 14:2048-bit MODP Group
2—Configure Diffie-Hellman Group 2:1024-bit MODP Group
5—Configure Diffie-Hellman Group 5:1536-bit MODP Group
This field defaults to 2—Configure Diffie-Hellman Group 2:1024-bit
MODP Group.
Note The DH group is used to determine the length of the base Prime
numbers used during the key exchange process in IKE v2. Th e
cryptographic strength of any key derived, depends in part, on the
strength of the DH group upon which the prime numbers are based.
Cipher The appropriate encryption algorithm and encryption key lengt h fo r t h e
IKEv2 IKE security association, which can be any one of the f ollowing:
3des-cbc
aes-cbc-128
aes-cbc-256
des-cbc
Null
This field defaults to AESCBC-128.
HMAC The Hash Message Authentication Code (HMAC) for the IKEv2 IPSec
transform set,which can be any one of the following:
aes-xcbc-96
md5-96
sha1-96
sha2-256-128
sha2-384-192
sha2-512-256
This field defaults to sha1-96.
Note HMAC is a type of message authentication code calculat e d usi ng a
cryptographic hash function in combination with a secret key to
verify both data integrity and message authenticity. A hash takes a
message of any size and transforms it into a message of fixed size
(the authenticator value), which is truncated and transmitted.