No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
exchange-mode

exchange-mode

Function

The exchange-mode command configures the IKEv1 phase 1 negotiation mode.

By default, the main mode is used in IKEv1 phase 1.

Format

exchange-mode { aggressive | main }

Parameters

Parameter

Description

Value

aggressive

Indicates the aggressive mode.

-

main

Indicates the main mode.

-

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can choose either the main mode or aggressive mode for IKE negotiation according to the network environment:

Compared with the main mode, the aggressive mode establishes an IKE SA more quickly because it uses fewer messages. However, the aggressive mode does not encrypt identity information. Although the aggressive mode does not protect identity information, it can meet special network requirements:
  • If the IP address of the negotiation initiator is unknown or unstable and the two ends expect to set up SAs using the pre-shared key, the aggressive mode is used.
  • If the initiator knows the policy of the responder, SAs are set up more payloads associated with SA, key exchanges and authentication can be set up more quickly in the aggressive mode.

Configuration Impact

If you run the exchange-mode command multiple times, only the latest configuration takes effect.

Precautions

The main mode and aggressive mode are defined for IKEv1 negotiation phase 1, but are not defined for IKEv2. Therefore, the exchange-mode command only applies to IKEv1.

Example

# Set the IKEv1 negotiation mode to aggressive mode.

<Huawei> system-view
[Huawei] ike peer huawei v1
[Huawei-ike-peer-huawei] exchange-mode aggressive
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 50078

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next