Method used to modify the IKE algorithm on AR series routers

Huawei AR series routers can be configured with the IKE authentication and encryption algorithms. The configuration procedure is as follows:
1. Run the ike proposal proposal-number command to create an IKE proposal and enter the IKE proposal view.
2. Run the authentication-algorithm { aes-xcbc-mac-96 | md5 | sha1 | sha2-256 | sha2-384 | sha2-512 | sm3 } command to configure an authentication algorithm for the IKE proposal. Starting from V200R002C00, the AR supports aes-xcbc-mac-96. Starting from V200R005C10, the AR supports SHA2-256, SHA2-384, and SHA2-512. Starting from V200R005C00, the AR supports SM3, but the NE16EX series do not support SM3.
It is recommended that you do not use MD5 and SHA-1. Otherwise, security defense cannot be met.
3. Run the encryption-algorithm { des-cbc | 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | sm4 } command to configure an encryption algorithm for the IKE proposal. Starting from V200R005C90, the AR supports SM4.
It is recommended that you should not use DES-CBC and 3DES-CBC. Otherwise, security defense cannot be met.

Other related questions:
Default IKE algorithm on AR series routers
If you have more questions, you can seek help from following ways:
To iKnow To Live Chat To Google
Scroll to top