HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 287

Syntax authentication-method { dsa-signature | pre-share | rsa-signature } undo authentication-method Default The IKE proposal uses the pre-shared key as the authentication method. Views IKE proposal view Predefined user roles network-admin Parameters dsa-signature: Specifies the DSA signatures as the authentication method. pre-share: Specifies the pre-shared key as the authentication method. rsa-signature: Specifies the RSA signatures as the authentication method. Usage guidelines Pre-shared key authentication does not require certificates as signature authentication, and is easy to set up in a simple network. Signature authentication provides higher security, and is usually deployed in a large-scale network, such as a network with many branches. Signature authentication using a CA improves the manageability and scalability of the network. Authentication methods configured on both IKE ends must match. If you specify RSA or DSA signatures, you must configure the IKE peer to obtain certificates from a CA. If you specify pre-shared keys, you must configure these pre-shared keys on both IKE ends. Examples # Specify pre-shared key authentication to be used in IKE proposal 1. system-view [Sysname] ike proposal 1 [Sysname-ike-proposal-1] authentication-method pre-share Related commands • display ike proposal • ike keychain • pre-shared-key dh Use dh to specify the DH group to be used in key negotiation phase 1 for an IKE proposal. Use undo dh to restore the default. Syntax In non-FIPS mode: dh { group1 | group14 | group2 | group24 | group5 } undo dh 278