Group, Hash, Group -6 hash -6 – Carrier Access Adit 3000 Series and Multi-Service Router (MSR) Card none User Manual

14-6

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI

Configuration - IPSec Mode

group

Use the IPSec group command to define the Diffie-Hellman (DH) group identifier for phase-1.
Note: More than one group can be enabled. To disable a DH identifier, see no group command on
page 14-13.

Syntax:

(config-ipsec {n})# group {1|2|5}

Example:

(config-ipsec-1)# group 1

Supported Platforms:

Adit 3104, Adit 3200, Adit 3500, MSR

hash

Use the IPSec hash command to specify a hash algorithm. To disable a hash algorithm, see no hash
command on page 14-14.

Syntax:

(config-ipsec {n})# hash {md5|sha}

Example:

(config-ipsec-1)# hash md5

Supported Platforms:

Adit 3104, Adit 3200, Adit 3500, MSR

Field

Definition

1

Set to DH group 1 (768 bit).

2

Set to DH group 2 (1024 bit). Default is enabled.

5

Set to DH group 25 (1536 bit). Default is enabled.

Field

Definition

md5

Set to allow peers to use MD5.

sha

Set to allow peers to use SHA1. SHA = Secure Hash Algorithm.