3.49. IPsecProposalList

Home Prev	cOS Stream 4.00.05 CLI Reference Guide	Next

Description

Proposal list is used during the IKE negotiation. It specifies what encryption/integrity algorithm and Diffie-Hellman group (if set) to use for the IPsec SA. In most cases its enough to specify one proposal with several algorithms. Any combination of the algorithm are then permitted for the SA. If only certain combinations of algorithms are allowed, they should be divided in several proposals where each proposal defines one combination of algorithms.

Properties

Name: Specifies the name of the IPsec Proposal list. (Identifier)
Comments: Text describing the current object. (Optional)

3.49.1. IPsecProposal

Description

An IPsec proposal specifies a specific combination of algorithms allowed during the IKE negotiation of the IPsec SA.

Properties

EncryptionAlgorithms: Specifies the encryption algorithms to support. (Default: aes128-cbc,3des)
IntegrityAlgorithms: Specifies the integrity algorithms to support. (Default: sha256,sha384,sha512,aes-xcbc)
DHGroup: Specifies the Diffie-Hellman group to use when doing rekey with PFS. (Optional)
Comments: Text describing the current object. (Optional)

	Note
	If no `Index` is specified when creating an instance of this type, the object will be placed last in the list and the `Index` will be equal to the length of the list.