Cisco Packet Data Gateway (PDG) Data Sheet
IKEv2 Security Association Configuration Mode Commands
Cisco ASR 5x00 Command Line Interface Reference
hmac
Configures the IKEv2 IKE SA integrity algorithm. Default is SHA1-96.
Product
ePDG
PDIF
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > IKEv2 Security Association Configuration
configure > context context_name > ikev2-ikesa transform-set set_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-ctx-ikev2ikesa-tran-set)#
Syntax
hmac { aes-xcbc-96 | md5-96 | sha1-96 | sha2-256-128 | sha2-384-192 | sha2-512-256 }
default hmac
aes-xcbc-96
HMAC-AES-XCBC uses a 128-bit secret key and produces a 128-bit authenticator value.
md5-96
HMAC-MD5 uses a 128-bit secret key and produces a 128-bit authenticator value.
sha1-96
HMAC-SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value. This is the default
setting for this command.
sha2-256-128
HMAC-SHA-256 uses a 256-bit secret key and produces a 128-bit authenticator value.
sha2-384-192
HMAC-SHA-384 uses a 384-bit secret key and produces a 192-bit authenticator value.
sha2-512-256
HMAC-SHA-512 uses a 512-bit secret key and produces a 256-bit authenticator value.
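Because the default is sha1-96, a transform set with no hmac line still runs an integrity algorithm that never appears in the configuration. The following Python audit is an added example, not Cisco code: it reads a saved configuration and reports the effective hmac for each IKEv2 IKE SA transform set. The function name audit_ikesa_hmac, the sample configuration layout, and the policy of flagging md5-96 and sha1-96 (based on RFC 8247) are assumptions.

```python
import re

# Keywords accepted by the hmac command, taken from the syntax line above.
VALID = {"aes-xcbc-96", "md5-96", "sha1-96",
         "sha2-256-128", "sha2-384-192", "sha2-512-256"}
DEFAULT_HMAC = "sha1-96"  # documented default when no hmac line is set
# Assumed audit policy, not from the Cisco page: RFC 8247 rates
# HMAC-MD5-96 "MUST NOT" and downgrades HMAC-SHA1-96.
FLAGGED = {"md5-96", "sha1-96"}
CTX_RE = re.compile(r"^context\s+(\S+)$")
TS_RE = re.compile(r"^ikev2-ikesa\s+transform-set\s+(\S+)$")
HMAC_RE = re.compile(r"^hmac\s+(\S+)$")

def audit_ikesa_hmac(config_text):
    """Return one finding per IKEv2 IKE SA transform set in the config."""
    findings, context, current = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := CTX_RE.match(line):
            context, current = m.group(1), None
        elif m := TS_RE.match(line):
            # A set with no hmac line silently runs the default algorithm.
            current = {"context": context, "set": m.group(1),
                       "hmac": DEFAULT_HMAC, "explicit": False}
            findings.append(current)
        elif current is not None and (m := HMAC_RE.match(line)):
            if m.group(1) not in VALID:
                raise ValueError(f"unknown hmac keyword: {m.group(1)}")
            current["hmac"], current["explicit"] = m.group(1), True
        elif current is not None and line == "default hmac":
            current["hmac"], current["explicit"] = DEFAULT_HMAC, False
        elif line in ("#exit", "exit"):
            current = None  # leaves the transform-set block
    return [dict(f, flagged=f["hmac"] in FLAGGED) for f in findings]

# Constructed sample; the indentation and "#exit" layout are assumptions
# about how a saved configuration looks, not output copied from a device.
SAMPLE_CONFIG = """\
context ipsec-ctx
  ikev2-ikesa transform-set ts-strong
    hmac sha2-256-128
  #exit
  ikev2-ikesa transform-set ts-legacy
    hmac md5-96
  #exit
  ikev2-ikesa transform-set ts-implicit
  #exit
"""
```

Calling audit_ikesa_hmac(SAMPLE_CONFIG) reports ts-legacy and ts-implicit as flagged; for ts-implicit the "explicit" field is False, which marks a set that relies on the default.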
Usage
IKEv2 requires an integrity algorithm be configured in order to work.
A keyed-Hash Message Authentication Code, or HMAC, is a type of message authentication code (MAC)
calculated using a cryptographic hash function in combination with a secret key to verify both data integrity