Home  Prev  cOS Stream 4.00.05 CLI Reference Guide  Next

3.42. IKEProposalList

Description

Proposal list is used during the IKE negotiation. It specifies what encryption/integrity algorithm and PRF to use for the IKE SA. In most cases its enough to specify one proposal with several algorithms. Any combination of the algorithm are then permitted for the SA. If only certain combinations of algorithms are allowed, they should be divided in several proposals where each proposal defines one combination of algorithms.

Properties

Name
Specifies the name of the IKE Proposal list. (Identifier)
Comments
Text describing the current object. (Optional)

3.42.1. IKEProposal

Description

An IKE proposal specifies a specific combination of algorithms allowed during the IKE negotiation.

Properties

EncryptionAlgorithms
Specifies the encryption algorithms to support. (Default: aes128-cbc,3des)
IntegrityAlgorithms
Specifies the integrity algorithms to support. (Default: sha256,sha384,sha512,aes-xcbc)
PRF
Specifies the pseudo random function. (Optional)
DHGroup
Specifies the Diffie-Hellman group to use when doing key exchanges in IKE. (Default: 5,14)
[Note] Note
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
Home  Prev   Next