
display ike proposal (User view)

Function

The display ike proposal command displays the IKE proposal configuration.

Format

display ike proposal [ number proposal-number ] ctrl-plane

display ike proposal default ctrl-plane

display ike proposal default slot slot-id cpu cpu-id

display ike proposal [ number proposal-number ] slot slot-id cpu cpu-id

Parameters

Parameter Description Value

number proposal-number

Specifies the number of an IKE proposal. A smaller IKE proposal number indicates a higher priority.

  • USG6510E/6510E-POE: The value is an integer that ranges from 1 to 100.
  • USG6530E: The value is an integer that ranges from 1 to 100.
  • USG6515E: The value is an integer that ranges from 1 to 512.
  • USG6525E: The value is an integer that ranges from 1 to 512.
  • USG6550E/6560E/6580E: The value is an integer that ranges from 1 to 512.
  • USG6555E/6565E/6575E-B/6585E/6605E-B: The value is an integer that ranges from 1 to 512.
  • USG6615E/6625E: The value is an integer that ranges from 1 to 1024.
  • USG6635E/6655E: The value is an integer that ranges from 1 to 1024.
  • USG6630E: The value is an integer that ranges from 1 to 1024.
  • USG6650E: The value is an integer that ranges from 1 to 1024.
  • USG6680E: The value is an integer that ranges from 1 to 1024.
  • USG6712E/6716E: The value is an integer that ranges from 1 to 1024.

default

Displays information about the default IKE proposal.

-

ctrl-plane

Displays the IKE proposal on the control plane.

All models except USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

slot slot-id

Specifies the slot ID.

Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

cpu cpu-id

Specifies the CPU ID.

Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

-

Views

User view

Default Level

1: Monitoring level

Usage Guidelines

IKE proposals are displayed in ascending order of IKE proposal number.

Example

# Display the configuration of all IKE proposals.

<sysname> display ike proposal ctrl-plane
                                                                                
Number of IKE Proposals: 2                                                      
                                                                                
-------------------------------------------                                     
 IKE Proposal: 1                                                                
   Authentication Method      : PRE_SHARED                                      
   Authentication Algorithm   : SHA2-256                                        
   Encryption Algorithm       : AES-256                                         
   Diffie-Hellman Group       : MODP-2048
   SA Duration(Seconds)       : 86400                                           
   Integrity Algorithm        : HMAC-SHA2-256                                   
   Prf Algorithm              : HMAC-SHA2-256                                   
-------------------------------------------                                     
                                                                                
-------------------------------------------                                     
 IKE Proposal: Default
   Authentication Method      : PRE_SHARED
   Authentication Algorithm   : SHA2-512 SHA2-384 SHA2-256
   Encryption Algorithm       : AES-256 AES-192 AES-128
   Diffie-Hellman Group       : MODP-2048
   SA Duration(Seconds)       : 86400
   Integrity Algorithm        : HMAC-SHA2-256
   Prf Algorithm              : HMAC-SHA2-256 
-------------------------------------------

Table 1 Description of the display ike proposal command output

Item

Description

Number of IKE Proposals

Number of IKE proposals.

IKE Proposal

IKE proposal number. To configure an IKE proposal, run the ike proposal command.

Authentication Method

Authentication method used in the IKE proposal:
  • PRE_SHARED: pre-shared key authentication
  • RSA-SIGNATURE: RSA signature authentication
  • DIGITAL-ENVELOPE: RSA digital envelope authentication
  • DIGITAL-ENVELOPE-V2: SM2 digital envelope authentication

To configure an authentication method, run the authentication-method command.

Authentication Algorithm

Authentication algorithm used in the IKE proposal:
  • MD5: uses a 128-bit key.
  • SHA1: uses a 160-bit key.
  • SHA2-256: uses a 256-bit key.
  • SHA2-384: uses a 384-bit key.
  • SHA2-512: uses a 512-bit key.
  • SM3: indicates an authentication algorithm defined by China's National Password Administration.

To configure an authentication algorithm, run the authentication-algorithm command.

NOTE:

The MD5 and SHA-1 algorithms have potential security risks. The SHA2 or SM3 algorithm is recommended.

Encryption Algorithm

Encryption algorithm used in the IKE proposal:
  • 3DES: 168-bit 3DES-CBC encryption algorithm
  • AES-128: 128-bit AES encryption algorithm
  • AES-192: 192-bit AES encryption algorithm
  • AES-256: 256-bit AES encryption algorithm
  • DES: DES-CBC encryption algorithm
  • SM4: indicates an encryption algorithm defined by China's National Password Administration. It uses a 128-bit key.

To configure an encryption algorithm, run the encryption-algorithm command.

NOTICE:

The DES and 3DES algorithms have potential security risks. The AES or SM algorithm is recommended.

Diffie-Hellman Group

DH group in the IKE proposal:
  • MODP-768: 768-bit Diffie-Hellman group
  • MODP-1024: 1024-bit Diffie-Hellman group
  • MODP-1536: 1536-bit Diffie-Hellman group
  • MODP-2048: 2048-bit Diffie-Hellman group
  • MODP-3072: 3072-bit Diffie-Hellman group
  • MODP-4096: 4096-bit Diffie-Hellman group
  • MODP-8192: 8192-bit Diffie-Hellman group
  • ECP-256: 256-bit ECP Diffie-Hellman group
  • ECP-384: 384-bit ECP Diffie-Hellman group
  • ECP-521: 521-bit ECP Diffie-Hellman group
  • MODP-2048-WITH-256-SUBGROUP: 2048-bit Diffie-Hellman group that includes a 256-bit sub-group

To configure a DH group, run the dh command.

SA Duration(Seconds)

IKE SA lifetime. To set the IKE SA lifetime, run the sa duration command.

Integrity Algorithm

Integrity algorithm in the IKE proposal:
  • AES-XCBC-96: AES-XCBC-96 algorithm
  • HMAC-MD5-96: HMAC-MD5-96 algorithm
  • HMAC-SHA1-96: HMAC-SHA1-96 algorithm
  • HMAC-SHA2-256: HMAC-SHA2-256 algorithm
  • HMAC-SHA2-384: HMAC-SHA2-384 algorithm
  • HMAC-SHA2-512: HMAC-SHA2-512 algorithm

Only IKEv2 negotiation requires the integrity algorithm. To configure an integrity algorithm, run the integrity-algorithm command.

NOTE:

The HMAC-MD5-96 and HMAC-SHA1-96 algorithms have potential security risks. The HMAC-SHA2-256, HMAC-SHA2-384, or HMAC-SHA2-512 algorithm is recommended.

Prf Algorithm

Algorithm used to generate a pseudo-random number in the IKE proposal:
  • AES-XCBC-128: AES-XCBC-128 algorithm
  • HMAC-MD5: HMAC-MD5 algorithm
  • HMAC-SHA1: HMAC-SHA1 algorithm
  • HMAC-SHA2-256: HMAC-SHA2-256 algorithm
  • HMAC-SHA2-384: HMAC-SHA2-384 algorithm
  • HMAC-SHA2-512: HMAC-SHA2-512 algorithm

Only IKEv2 requires the PRF algorithm. To specify an algorithm used to generate a pseudo-random number, run the prf command.

NOTE:

The HMAC-MD5 and HMAC-SHA1 algorithms have potential security risks. The AES-XCBC-128, HMAC-SHA2-256, HMAC-SHA2-384, or HMAC-SHA2-512 algorithm is recommended.
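
The following added example is not part of the vendor documentation. It parses display ike proposal output and reports every algorithm that the NOTE and NOTICE entries in Table 1 describe as having potential security risks. The sample output is constructed, and the names WEAK, SAMPLE, parse_proposals and audit are hypothetical.

```python
import re

# Algorithms the page's NOTE/NOTICE entries flag as having potential security risks.
WEAK = {
    "Authentication Algorithm": {"MD5", "SHA1"},
    "Encryption Algorithm": {"DES", "3DES"},
    "Integrity Algorithm": {"HMAC-MD5-96", "HMAC-SHA1-96"},
    "Prf Algorithm": {"HMAC-MD5", "HMAC-SHA1"},
}

# Constructed sample output (not captured from a device); proposal 5 is deliberately weak.
SAMPLE = """\
Number of IKE Proposals: 2
-------------------------------------------
 IKE Proposal: 5
   Authentication Algorithm   : SHA1
   Encryption Algorithm       : 3DES
   Integrity Algorithm        : HMAC-SHA1-96
   Prf Algorithm              : HMAC-SHA2-256
-------------------------------------------
 IKE Proposal: Default
   Authentication Algorithm   : SHA2-512 SHA2-384 SHA2-256
   Encryption Algorithm       : AES-256 AES-192 AES-128
-------------------------------------------
"""

def parse_proposals(text):
    """Return {proposal id: {field: [values]}} parsed from the command output."""
    proposals, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if not m:
            continue  # separator or blank line
        key, value = m.groups()
        if key == "IKE Proposal":
            current = proposals.setdefault(value, {})
        elif current is not None:
            current[key] = value.split()  # a field may list several algorithms
    return proposals

def audit(text):
    """Return sorted (proposal, field, algorithm) tuples for each flagged algorithm."""
    findings = []
    for pid, fields in parse_proposals(text).items():
        for field, weak in WEAK.items():
            findings += [(pid, field, a) for a in fields.get(field, []) if a in weak]
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Diffie-Hellman groups are not checked because the page gives no recommendation for them.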

Copyright © Huawei Technologies Co., Ltd.