7 Jan 2005 07:36
Re: proposal addition in aggresive mode.
Radia Perlman <Radia.Perlman <at> Sun.COM>
2005-01-07 06:36:05 GMT
2005-01-07 06:36:05 GMT
In aggressive mode's first message, Alice sends a Diffie-Hellman value, so therefore has to have already decided on which Diffie-Hellman group she is using. She can't propose others. But she should be able to propose multiple alternatives for the other cryptographic algorithms (prf, encryption, hash) Radia Someshwar Parate wrote: >Hi all, > >Can we add more than one proposal (attribute) in IKE policy to have same >DH group? > >============ >Actually I am trying to configure IKE policies in out IGATEWAY box and I >am getting following error while adding second proposal > >iGateway:/config/ike>add ike B M I -ma 172.16.12.15 -pa 172.16.3.1 -rid >I172.16.3.1 -lid 172.16.12.15 -pfs Y -key 1234567890123456 >Policy added successfully > >iGateway:/config/ike>addattrib ike 1 M P -k 400 -s 600 -g M768 -e 3DES >-eklen 16 >Attribute added successfully > >iGateway:/config/ike>addattrib ike 2 M P -k 400 -s 600 -g M768 -e DES >-eklen 16 >Error in adding the attribute >ERROR: Atmost One Attribute allowed for an Aggressive Mode Policy. >=============== > >Does anybody throw any light on this? > >thanks and regards... > >
RSS Feed