Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
-> ike ipsec proposals set espauth <md5 | sha1 | none> <proposalname>
Determines whether ESP message authentication is requested and, if it is requested, the
hash algorithm used.
• MD5 - Use ESP encapsulation and authenticate using hash algorithm Message Digest 5.
• SHA1 - Use ESP encapsulation and authenticate using hash algorithm Secure Hash Algorithm-1.
• NONE - No ESP encapsulation and no ESP message authentication. (If you select this option, the encapsulation method must be requested by a set espenc or set ahauth command.)
-> ike ipsec proposals set ahauth <md5 | sha1 | none> <proposalname>
Determines whether AH message authentication is requested and, if it is requested, the
hash algorithm used.
NOTE:
The proposal cannot request both AH encapsulation and ESP encapsulation.
• MD5 - Use AH encapsulation and authenticate using hash algorithm Message Digest 5.
• SHA1 - Use AH encapsulation and authenticate using hash algorithm Secure Hash Algorithm-1.
• NONE - No AH encapsulation and no AH message authentication. (If you select this option, the encapsulation method must be requested by a set espenc or set ahauth command.)
-> ike ipsec proposals set ipcomp <none | lzs> <proposalname>
Proposes either no compression or LZS compression.
-> ike ipsec proposals set lifetime <seconds> <proposalname>
Proposes the length of time (in seconds) before the IPSec SA expires; the recommended
value is 86400 (24 hours). When the time limit expires, IKE renegotiates the connection.
-> ike ipsec proposals set lifedata <kbytes> <proposalname>
Proposes the maximum number of kilobytes for the IPSec SA; 0 means unlimited. After
the maximum data is transferred, IKE renegotiates the connection. By limiting the amount
of data that can be transferred, you reduce the likelihood of the key being broken.
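The following check is an added example, not part of this guide or the router software: it reads a saved list of `ike ipsec proposals set` commands and reports proposals that break the rules stated in this section (AH and ESP requested together, no encapsulation requested, lifetime above the recommended value, unlimited lifedata). The proposal names and sample lines are constructed, and treating an unset option or the value `none` (including for `espenc`) as "not requested" is an assumption.

```python
import re

# Command form shown in this guide:
#   ike ipsec proposals set <setting> <value> <proposalname>
CMD = re.compile(r"^(?:->\s*)?ike ipsec proposals set (\w+) (\S+) (\S+)$")

SAMPLE = [  # constructed command lines; proposal names are made up
    "-> ike ipsec proposals set espauth sha1 branch1",
    "-> ike ipsec proposals set lifetime 86400 branch1",
    "-> ike ipsec proposals set espauth md5 branch2",
    "-> ike ipsec proposals set ahauth sha1 branch2",
    "-> ike ipsec proposals set lifedata 0 branch2",
    "-> ike ipsec proposals set espauth none branch3",
    "-> ike ipsec proposals set ahauth none branch3",
]

def parse(lines):
    """Collect the settings of each proposal from a list of CLI lines."""
    proposals = {}
    for line in lines:
        m = CMD.match(line.strip())
        if m:
            setting, value, name = m.groups()
            proposals.setdefault(name, {})[setting.lower()] = value.lower()
    return proposals

def audit(settings):
    """Return findings for one proposal, based on the rules in this section."""
    findings = []
    # Assumption: an unset option, or the value "none", means "not requested".
    def on(key):
        return settings.get(key, "none") != "none"
    ah = on("ahauth")
    esp = on("espauth") or on("espenc")
    if ah and esp:
        findings.append("requests both AH and ESP encapsulation")
    if not ah and not esp:
        findings.append("no encapsulation method requested")
    if esp and not on("espauth"):
        findings.append("ESP without message authentication")
    if "lifetime" in settings and int(settings["lifetime"]) > 86400:
        findings.append("lifetime above the recommended 86400 seconds")
    if settings.get("lifedata") == "0":
        findings.append("lifedata unlimited: no rekey on data volume")
    return findings

if __name__ == "__main__":
    for name, settings in parse(SAMPLE).items():
        print(name, audit(settings) or "ok")
```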