Cisco Packet Data Gateway (PDG) Troubleshooting Guide
IKEv2 Security Association Configuration Mode Commands
Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
hmac
Configures the IKEv2 IKE SA integrity algorithm. Default is SHA1-96.
Product
PDIF
Privilege
Security Administrator, Administrator
Syntax
HMAC-MD5 uses a 128-bit secret key and produces a 128-bit authenticator value.
HMAC-SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value. This is the default
setting for this command.
Usage
IKEv2 requires that an integrity algorithm be configured in order to work.
A keyed-Hash Message Authentication Code, or HMAC, is a type of message authentication code (MAC)
calculated using a cryptographic hash function in combination with a secret key to verify both data integrity
and message authenticity. A hash takes a message of any size and transforms it into a message of a fixed size:
the authenticator value. This is truncated to 96 bits and transmitted. The authenticator value is reconstituted
by the receiver and the first 96 bits are compared for a 100 percent match.
Because RFC 4306 calls for interoperability between IPsec and IKEv2, the IKEv2 integrity algorithms must
be the same as those configured for IPsec in order for there to be an acceptable match during the IKE
message exchange.
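The truncate-and-compare check described above, and the failure that results when the two peers are configured with different integrity algorithms, as an added Python example (not Cisco's code and not part of the original reference). The algorithm labels, function names and sample inputs are assumptions chosen for illustration; the key and message are constructed from RFC 2202 test case 1.

```python
import hashlib
import hmac

ICV_LEN = 12  # 96 bits, the truncation length described above

# Illustrative labels (not CLI keywords) -> (hash, key length in bytes),
# using the key sizes stated on this page.
ALGS = {
    "md5-96": (hashlib.md5, 16),    # 128-bit key, 128-bit full output
    "sha1-96": (hashlib.sha1, 20),  # 160-bit key, 160-bit full output
}

def icv(alg: str, key: bytes, message: bytes) -> bytes:
    """Sender side: compute the full HMAC, keep only the first 96 bits."""
    hash_fn, key_len = ALGS[alg]
    if len(key) != key_len:
        raise ValueError(f"{alg} expects a {key_len * 8}-bit key")
    return hmac.new(key, message, hash_fn).digest()[:ICV_LEN]

def verify(alg: str, key: bytes, message: bytes, received: bytes) -> bool:
    """Receiver side: recompute, then compare the 96 bits in constant time."""
    if len(received) != ICV_LEN:
        return False  # wrong-length authenticator can never match
    return hmac.compare_digest(icv(alg, key, message), received)

def demo() -> dict:
    # Constructed sample input: RFC 2202 test case 1 key and data.
    key, msg = b"\x0b" * 20, b"Hi There"
    tag = icv("sha1-96", key, msg)
    return {
        "tag": tag.hex(),
        "ok": verify("sha1-96", key, msg, tag),
        # One changed byte in the message: the recomputed value differs.
        "tampered": verify("sha1-96", key, b"Hi there", tag),
        # Receiver configured for the other algorithm: no match is possible.
        "mismatch": verify("md5-96", key[:16], msg, tag),
    }

if __name__ == "__main__":
    print(demo())
```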
Example
The following command configures the default HMAC value (SHA1-96):