Huawei v200r001 用户手册

User Manual - Configuration Guide  (Volume 3)
Versatile Routing Platform

Configuration of IKE

5-4

Table SC-5-3  Select authentication method

Select authentication method

Restore the authentication method to the default value

By default, pre share key (i.e., pre-share) algorithm is adopted.

If pre-shared key authentication method is selected, it is necessary to configure pre-
shared key.

Perform the following tasks in global configuration mode.

Table SC-5-4  Configure pre-shared key

Configure pre-shared key

crypto ike key keystring address peer-address

Delete pre-shared key to restore its default value

no crypto ike key keystring

By default, both ends of the security channel have no pre-shared keys.

Generally hashing algorithm uses HMAC framework to achieve its function. HMAC
algorithm adopts encryption hashing function to authenticate message, providing
frameworks to insert various hashing algorithm, such as SHA-1 and MD5.

There are two hashing algorithm options: SHA-1 and MD5. Both algorithms provide
data source authentication and integrity protection mechanism. MD5 has less digest
information, so it is usually considered to be slightly faster than SHA-1. A kind of attack
subject to MD5 is proved successful (but it is very difficult), but HMAC anamorphosis
used by IKE can stop such attacks.

Please perform the following tasks in IKE policy configuration mode.

Table SC-5-5  Select hashing algorithm

Select hashing algorithm

Set hashing algorithm to the default value

By default SHA-1 hashing algorithm (i.e., parameter sha) is adopted.

There are two DH (Diffie-Hellman) group ID options: 768-bit Diffie-Hellman group
(Group 1) or 1024-bit Diffie-Hellman group (Group 2). The 1024-bit Diffie-Hellman
group (Group 2) takes longer CPU time

Please perform the following tasks in IKE policy configuration mode.