Cisco Cisco ASR 5700
IKEv2 Security Association Configuration Mode Commands
▀ prf
▄ Command Line Interface Reference, StarOS Release 17
6478
prf
Selects one of the HMAC integrity algorithms to act as the IKE Pseudo-Random Function. A PRF produces a string of
bits that an attacker cannot distinguish from random bit string without knowledge of the secret key. The default is
SHA1.
bits that an attacker cannot distinguish from random bit string without knowledge of the secret key. The default is
SHA1.
Product
ePDG
PDIF
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > IKEv2 Security Association Configuration
configure > context context_name > ikev2-ikesa transform-set set_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-ctx-ikev2ikesa-tran-set)#
Syntax
prf { aes-xcbc-128 | md5 | sha1 | sha2-256 | sha2-384 | sha2-512 }
default prf
aes-xcbc-128
Configure IKEv2 IKE Security Association Pseudo Algorithm to be AES-XCBC-128.
md5
MD5 uses a 128-bit secret key and produces a 128-bit authenticator value.
sha1
SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value.
SHA-1 is considered cryptographically stronger than MD5, but it takes more CPU cycles to compute.
This is the default setting for this command.
SHA-1 is considered cryptographically stronger than MD5, but it takes more CPU cycles to compute.
This is the default setting for this command.
sha2-256
PRF-HMAC-SHA-256 uses a 256-bit secret key.
sha2-384
PRF-HMAC-SHA-384 uses a 384-bit secret key.
sha2-512
PRF-HMAC-SHA-512 uses a 512-bit secret key.