Cisco Cisco Packet Data Gateway (PDG)
prf
Selects one of the HMAC integrity algorithms to act as the IKE Pseudo-Random Function. A PRF produces
a string of bits that an attacker cannot distinguish from random bit string without knowledge of the secret key.
The default is SHA1.
a string of bits that an attacker cannot distinguish from random bit string without knowledge of the secret key.
The default is SHA1.
Product
ePDG
PDIF
Privilege
Security Administrator, Administrator
Command Modes
Exec > Global Configuration > Context Configuration > IKEv2 Security Association Configuration
configure > context context_name > ikev2-ikesa transform-set set_name
Entering the above command sequence results in the following prompt:
[
context_name
]
host_name
(cfg-ctx-ikev2ikesa-tran-set)#
Syntax Description
prf { aes-xcbc-128 | md5 | sha1 | sha2-256 | sha2-384 | sha2-512 }
default prf
default prf
aes-xcbc-128
Configure IKEv2 IKE Security Association Pseudo Algorithm to be AES-XCBC-128.
md5
MD5 uses a 128-bit secret key and produces a 128-bit authenticator value.
sha1
SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value.
SHA-1 is considered cryptographically stronger than MD5, but it takes more CPU cycles to compute.
This is the default setting for this command.
sha2-256
PRF-HMAC-SHA-256 uses a 256-bit secret key.
sha2-384
PRF-HMAC-SHA-384 uses a 384-bit secret key.
Command Line Interface Reference, Modes I - Q, StarOS Release 19
22
IKEv2 Security Association Configuration Mode Commands
prf