3Com 10014299 Network Router User Manual


 
CHAPTER 41: CONFIGURING IKE
The system creates only the default IKE security policy, which users cannot delete
or modify.
Selecting an Encryption Algorithm
Two encryption algorithms are supported: the 56-bit DES-Cipher Block Chaining
(DES-CBC) algorithm and the 168-bit 3DES-CBC algorithm. Before being encrypted,
each plaintext block is combined by an exclusive-OR operation with an encryption
block, so the same plaintext block never maps to the same ciphertext, which
enhances security.
Perform the following configurations in IKE proposal view.
Table 657 Select Encryption Algorithm
By default, the DES-CBC encryption algorithm (the des-cbc parameter) is used.
Selecting an Authentication Algorithm
Pre-shared key is the only supported authentication method.
Perform the following configurations in IKE proposal view.
Table 658 Select Authentication Method
By default, the pre-shared key method (the pre-share parameter) is used.
Configuring Pre-shared Key
If the pre-shared key authentication method is selected, a pre-shared key must be
configured.
Perform the following configurations in system view.
Table 659 Configure Pre-shared Key
By default, neither end of the security channel has a pre-shared key.
Selecting the Hashing Algorithm
Hashing algorithms are used within the HMAC framework. HMAC uses a cryptographic
hash function to authenticate messages and provides a framework into which
various hashing algorithms, such as SHA-1 and MD5, can be inserted.
Table 657
Operation                                                 Command
Select encryption algorithm                               encryption-algorithm { des-cbc | 3des-cbc }
Set the encryption algorithm to the default value         undo encryption-algorithm

Table 658
Operation                                                 Command
Select authentication method                              authentication-method pre-share
Restore the authentication method to the default value    undo authentication-method pre-share

Table 659
Operation                                                 Command
Configure pre-shared key                                  ike pre-shared-key key remote remote-address
Delete pre-shared key to restore its default value        undo ike pre-shared-key key remote remote-address