User Manual - Configuration Guide (Volume 3)

Chapter 5

Versatile Routing Platform

Configuration of IKE

Table SC-5-3 Select authentication method

Operation                                                  Command
Select authentication method                               authentication pre-share
Restore the authentication method to the default value     no authentication pre-share

By default, the pre-shared key (i.e., pre-share) authentication method is adopted.

5.2.5 Set Pre-shared Key

If the pre-shared key authentication method is selected, a pre-shared key must be configured.

Perform the following tasks in global configuration mode.

Table SC-5-4 Configure pre-shared key

Operation                                              Command
Configure pre-shared key                               crypto ike key keystring address peer-address
Delete pre-shared key to restore its default value     no crypto ike key keystring

By default, both ends of the security channel have no pre-shared keys.

5.2.6 Select Hashing Algorithm

Generally, the hashing algorithm uses the HMAC framework to achieve its function. The HMAC algorithm uses a cryptographic hash function to authenticate messages and provides a framework into which various hashing algorithms, such as SHA-1 and MD5, can be inserted.

There are two hashing algorithm options: SHA-1 and MD5. Both algorithms provide data source authentication and an integrity protection mechanism. MD5 produces a shorter digest, so it is usually considered to be slightly faster than SHA-1. One kind of attack against MD5 has been proved successful (although it is very difficult), but the HMAC variant used by IKE can stop such attacks.

Please perform the following tasks in IKE policy configuration mode.

Table SC-5-5 Select hashing algorithm

Operation                                       Command
Select hashing algorithm                        hash { md5 | sha }
Set hashing algorithm to the default value      no hash

By default, the SHA-1 hashing algorithm (i.e., parameter sha) is adopted.
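The following added example (not part of the manual and not the platform's own code) shows how the pre-shared key from 5.2.5 and the hash option from 5.2.6 interact in IKE pre-shared key authentication, using the RFC 2104 HMAC construction and the RFC 2409 rule SKEYID = prf(pre-shared-key, Ni_b | Nr_b). All function names, nonces, the keystring and the exchange bytes are constructed for illustration.

```python
import hashlib
import hmac

def prf(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """HMAC (RFC 2104) written out so the pluggable hash is visible."""
    block = hashlib.new(hash_name).block_size      # 64 bytes for MD5 and SHA-1
    if len(key) > block:                           # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.new(hash_name, bytes(b ^ 0x5C for b in key) + inner).digest()

def skeyid_from_psk(hash_name: str, psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409, pre-shared key authentication: SKEYID = prf(psk, Ni_b | Nr_b)."""
    return prf(hash_name, psk, ni + nr)

def auth_hash(hash_name: str, skeyid: bytes, exchange: bytes) -> bytes:
    """HASH_I / HASH_R: prf keyed with SKEYID over the exchange data."""
    return prf(hash_name, skeyid, exchange)

def peer_accepts(hash_name, local_psk, ni, nr, exchange, received_hash) -> bool:
    """Receiving side: recompute the hash from the locally configured key."""
    skeyid = skeyid_from_psk(hash_name, local_psk, ni, nr)
    return hmac.compare_digest(auth_hash(hash_name, skeyid, exchange), received_hash)

# Constructed sample values (not captured traffic, not taken from the manual).
NI = bytes.fromhex("a1" * 16)                      # initiator nonce
NR = bytes.fromhex("b2" * 16)                      # responder nonce
EXCHANGE = b"g^xi|g^xr|CKY-I|CKY-R|SAi_b|IDii_b"   # stand-in for the real byte fields
PSK = b"example-keystring"                         # placeholder for the keystring

def demo():
    results = {}
    for name in ("md5", "sha1"):                   # the two `hash` options
        sent = auth_hash(name, skeyid_from_psk(name, PSK, NI, NR), EXCHANGE)
        results[name] = (
            len(sent),                                        # digest size in bytes
            peer_accepts(name, PSK, NI, NR, EXCHANGE, sent),  # same key on both ends
            peer_accepts(name, b"wrong-keystring", NI, NR, EXCHANGE, sent),  # mismatch
        )
    return results

if __name__ == "__main__":
    for name, (size, ok, bad) in demo().items():
        print(f"{name}: {size}-byte hash, same key accepted={ok}, different key accepted={bad}")
```

A keystring that differs between the two ends yields a different SKEYID, so the authentication hash never verifies, whichever hashing algorithm is selected.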

5.2.7 Select DH Group ID

There are two DH (Diffie-Hellman) group ID options: 768-bit Diffie-Hellman group (Group 1) or 1024-bit Diffie-Hellman group (Group 2). The 1024-bit Diffie-Hellman group (Group 2) takes longer CPU time

Please perform the following tasks in IKE policy configuration mode.

Huawei v200r001 user manual Set Pre-shared Key, Select Hashing Algorithm, Select DH Group ID