KeyExchangeOffer statement
Use the KeyExchangeOffer statement to define a key exchange offer for a dynamic VPN. A key exchange offer indicates one acceptable way to protect a key exchange for a dynamic VPN. A key exchange offer can be referenced by a KeyExchangeAction statement.
Syntax
Parameters
- name
- A string 1 - 32 characters in length specifying the name of this KeyExchangeOffer statement.
Rule: If this KeyExchangeOffer statement is not specified inline within another statement, a name value must be provided. If a name is not specified for an inline KeyExchangeOffer statement, a nonpersistent system name is created.
- HowToEncrypt
- The desired encryption policy for protecting key exchanges. The default is AES_CBC KeyLength 128.
- DES
- Use DES encryption, which uses a 56-bit key and a 64-bit initialization vector.
Restriction: DES is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- 3DES
- Triple DES runs the DES encryption algorithm three times and uses a 192-bit key, including 24 parity bits.
Rule: If 3DES is specified but is not supported by the system, then the Policy Agent fails the policy.
- AES
- Deprecated and treated as a synonym for AES_CBC KeyLength 128.
Rule: If AES is specified but AES encryption in CBC mode is not supported by this TCP/IP stack, Policy Agent fails the policy.
- AES_CBC
- The AES algorithm is used in Cipher Block Chaining (CBC) mode. Rules:
- The key length is measured in bits, and a keylen of either 128 or 256 must be specified.
- If AES_CBC is specified but AES encryption is not supported by this TCP/IP stack, Policy Agent fails the policy.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- HowToAuthMsgs
- The desired hash algorithm for authenticating IKE version 1 key exchange messages. The default is SHA1.
- MD5
- Use the HMAC MD5 algorithm.
Restriction: MD5 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- SHA1
- Use the HMAC_SHA1 algorithm.
- SHA2_256
- Use the HMAC_SHA2_256_128 algorithm.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- SHA2_384
- Use the HMAC_SHA2_384_192 algorithm.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- SHA2_512
- Use the HMAC_SHA2_512_256 algorithm.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
Restriction: The HowToAuthMsgs parameter is ignored for IKE version 2 SAs.
- HowToVerifyMsgs
- The desired authentication algorithm for verifying the message integrity of IKE version 2 key exchange messages. The default is HMAC_SHA1_96.
- AES128_XCBC_96
- Use the AES128_XCBC algorithm to encode authentication data, with 128-bit keys and hash truncation to 96 bits.
Restriction: AES128_XCBC_96 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- HMAC_MD5_96
- Use the HMAC_MD5_96 algorithm.
Restriction: HMAC_MD5_96 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- HMAC_SHA1_96
- Use the HMAC_SHA1_96 algorithm.
- HMAC_SHA2_256_128
- Use the HMAC_SHA2_256 algorithm to encode authentication data, with 256-bit keys and hash truncation to 128 bits.
- HMAC_SHA2_384_192
- Use the HMAC_SHA2_384 algorithm to encode authentication data, with 384-bit keys and hash truncation to 192 bits.
- HMAC_SHA2_512_256
- Use the HMAC_SHA2_512 algorithm to encode authentication data, with 512-bit keys and hash truncation to 256 bits.
Restrictions:
- The HowToVerifyMsgs parameter is ignored for IKE version 1 SAs.
- The HowToVerifyMsgs parameter is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- PseudoRandomFunction
- Indicates which pseudo-random function (PRF) to use when generating keying material for IKE version 2 SAs. The default is HMAC_SHA1.
- AES128_XCBC
- Use the AES128_XCBC algorithm.
Restriction: AES128_XCBC is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- HMAC_MD5
- Use the HMAC_MD5 algorithm.
Restriction: HMAC_MD5 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- HMAC_SHA1
- Use the HMAC_SHA1 algorithm.
- HMAC_SHA2_256
- Use the HMAC_SHA2_256 algorithm.
- HMAC_SHA2_384
- Use the HMAC_SHA2_384 algorithm.
- HMAC_SHA2_512
- Use the HMAC_SHA2_512 algorithm.
Restrictions:
- The PseudoRandomFunction parameter is ignored for IKE version 1 SAs. IKE version 1 always uses the algorithm specified on HowToAuthMsgs to determine its pseudo-random function. For example, if the HowToAuthMsgs value is MD5, then HMAC_MD5 is used.
- The PseudoRandomFunction parameter is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- HowToAuthPeers
- Specifies the method for authenticating peers during IKE version 1 phase 1 negotiation.
- PresharedKey
- Use a pre-shared key to authenticate the peer.
- RsaSignature
- Use an RSA signature to authenticate the peer.
Restriction: The HowToAuthPeers parameter is ignored for IKE version 2 SAs.
- DHGroup
- Specifies the Diffie-Hellman group used during the phase 1 key exchange. The default is Group2.
- Group1
- Modular exponentiation group with a 768-bit modulus.
Restriction: Group1 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- Group2
- Modular exponentiation group with a 1024-bit modulus.
Restriction: Group2 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- Group5
- Modular exponentiation group with a 1536-bit modulus.
Restriction: Group5 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.
- Group14
- Modular exponentiation group with a 2048-bit modulus.
- Group19
- Random 256-bit elliptic curve group.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- Group20
- Random 384-bit elliptic curve group.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- Group21
- Random 521-bit elliptic curve group.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
- Group24
- Modular exponentiation group with a 2048-bit modulus and a 256-bit prime-order subgroup.
Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
Guideline: If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman group 5, 14, 19, 20, or 24. If you are using encryption or authentication algorithms with a key length of 256 bits or greater, use Diffie-Hellman group 21.
Tip: When negotiating a new phase 1 SA and when the negotiation mode is IKE version 1 aggressive mode, only the first offer and its DH group are proposed to the peer. If the negotiation mode is IKE version 1 main mode, all offers and DH groups are proposed to the peer, who will select a particular offer and group. If the negotiation uses IKE version 2, then all offers and DH groups will be proposed, but only one DH group will be calculated in the proposal. The peer is free to either accept the DH group value used or choose a different value from one of the other offers. In that case, the IKE daemon starts the exchange again using the chosen group.
- RefreshLifetimeProposed
- The security association lifetime in minutes. This value is proposed when acting as the IKE version 1 initiator of a key exchange negotiation. For IKE version 2, this value determines the refresh lifetime. The default is 480.
- proposedtime
- The lifetime proposed (for IKE version 1) or used (for IKE version 2) for the phase 1 tunnel. Valid values are in the range 1 - 9 999. The proposed lifetime value should be within the range specified by RefreshLifetimeAccepted.
Tip: When negotiating an IKE version 2 SA, the IKE daemon uses the RefreshLifetimeProposed value in the first matching offer for the SA lifetime. Unlike IKE version 1, SA lifetimes are not negotiated under IKE version 2.
- RefreshLifetimeAccepted
- A range of acceptable security association lifetimes in minutes. This range is accepted when acting as the responder of an IKE version 1 key exchange negotiation. The default is 240 1440.
- mintime
- The minimum lifetime that can be accepted.
- maxtime
- The maximum lifetime that can be accepted. This value must be greater than or equal to the mintime value.
Restriction: The RefreshLifetimeAccepted parameter is ignored for IKE version 2 SAs.
- RefreshLifesizeProposed
- The security association lifesize in kilobytes. If a proposedsize value is specified, then this value is proposed when acting as the IKE version 1 initiator of a key exchange negotiation. For IKE version 2, this value determines the refresh lifesize. If None is specified, then no lifesize is proposed for IKE version 1 or used for IKE version 2. The default is None.
- proposedsize
- The proposed lifesize for the negotiation. Valid values are in the range 1 - 4 194 300. The proposed lifesize value should be within the range specified by the RefreshLifesizeAccepted value, if that parameter is not specified as None.
- None
- No lifesize should be proposed for IKE version 1 or used for IKE version 2. If the RefreshLifesizeProposed parameter is specified as None, then RefreshLifesizeAccepted value should also be specified as None.
Tip: When negotiating an IKE version 2 SA, the IKE daemon uses the RefreshLifesizeProposed value in the first matching offer for the SA lifesize. Unlike IKE version 1, SA lifesizes are not negotiated under IKE version 2.
- RefreshLifesizeAccepted
- The security association lifesize in kilobytes. If minsize and maxsize values are specified, this range is accepted when acting as the responder of a key exchange negotiation. If None is specified, no lifesize is accepted when acting as the responder of a key exchange negotiation. The default is None.
- minsize
- The minimum lifesize that can be accepted.
- maxsize
- The maximum lifesize that can be accepted. This value must be greater than or equal to the minsize value.
- None
- No lifesize is accepted. If this parameter is specified as None, then RefreshLifesizeProposed should also be specified as None.
Restriction: The RefreshLifesizeAccepted parameter is ignored for IKE version 2 SAs.
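The rules above (FIPS 140 rejections, the AES_CBC KeyLength rule, the DH group guideline, the lifetime and lifesize ranges, and the requirement that RefreshLifesizeProposed and RefreshLifesizeAccepted are both None or both set) can be checked before a policy is handed to Policy Agent. The Python below is an added example, not IBM code and not part of this reference: it parses a KeyExchangeOffer block, fills in the defaults stated on this page, and reports every rule or guideline the offer breaks. It assumes things the page does not show: the brace-delimited `KeyExchangeOffer name { param value ... }` layout, `#` as the comment character, and a `fips_mode` flag standing in for the FIPS 140 setting that this page says is configured on the IpFilterPolicy statement. The two sample offers are constructed for the example.

```python
"""Added example (not IBM's code): parse a Policy Agent KeyExchangeOffer block and check it
against the rules on the KeyExchangeOffer reference page. Assumed, because the page does not
show them: the brace-delimited "KeyExchangeOffer name { param value ... }" layout, '#' comments,
and a fips_mode flag standing in for the FIPS 140 setting on the IpFilterPolicy statement."""
import re

DEFAULTS = {  # defaults stated on the page, used when a parameter is omitted
    "HowToEncrypt": "AES_CBC KeyLength 128", "HowToAuthMsgs": "SHA1",
    "HowToVerifyMsgs": "HMAC_SHA1_96", "PseudoRandomFunction": "HMAC_SHA1", "DHGroup": "Group2",
    "RefreshLifetimeProposed": "480", "RefreshLifetimeAccepted": "240 1440",
    "RefreshLifesizeProposed": "None", "RefreshLifesizeAccepted": "None",
}
FIPS_REJECTED = {  # values the page says the stack does not accept in FIPS 140 mode
    "HowToEncrypt": {"DES"}, "HowToAuthMsgs": {"MD5"},
    "HowToVerifyMsgs": {"AES128_XCBC_96", "HMAC_MD5_96"},
    "PseudoRandomFunction": {"AES128_XCBC", "HMAC_MD5"}, "DHGroup": {"Group1", "Group2", "Group5"},
}
DH_FOR_128 = {"Group5", "Group14", "Group19", "Group20", "Group24"}  # page guideline, 128-bit keys
DH_FOR_256 = {"Group21"}                                            # page guideline, >= 256-bit keys
_BLOCK_RE = re.compile(r"KeyExchangeOffer\s*([^\s{]+)?\s*\{([^}]*)\}")  # assumed block layout


def parse_offer(text):
    """Return (name, params) for the first KeyExchangeOffer block; name is None when absent."""
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    m = _BLOCK_RE.search(stripped)
    if not m:
        raise ValueError("no KeyExchangeOffer block found")
    params = dict(DEFAULTS)
    for line in m.group(2).splitlines():
        parts = line.split(None, 1)
        if parts:  # "Param value ..." with internal whitespace normalised
            params[parts[0]] = " ".join(parts[1].split()) if len(parts) > 1 else ""
    return m.group(1), params


def aes_key_length(params):
    """Key length in bits for AES / AES_CBC offers; None for DES, 3DES or a malformed value."""
    enc = params["HowToEncrypt"].split() or [""]
    if enc[0] == "AES":  # deprecated synonym for AES_CBC KeyLength 128
        return 128
    return int(enc[2]) if enc[:2] == ["AES_CBC", "KeyLength"] and len(enc) == 3 and enc[2].isdigit() else None


def check_offer(params, fips_mode=False):
    """Return the list of rule and guideline violations; an empty list means the offer passes."""
    p = []
    if fips_mode:
        for key, rejected in FIPS_REJECTED.items():
            if (params[key].split() or [""])[0] in rejected:
                p.append(f"{key} {params[key]} is not accepted in FIPS 140 mode")
    keylen = aes_key_length(params)
    if params["HowToEncrypt"].startswith("AES_CBC") and keylen not in (128, 256):
        p.append("AES_CBC requires KeyLength 128 or 256")
    # Phase 1 lifetime: 1 - 9999 minutes, maxtime >= mintime, proposed value inside the accepted range.
    proposed = int(params["RefreshLifetimeProposed"])
    mintime, maxtime = (int(v) for v in params["RefreshLifetimeAccepted"].split())
    if not 1 <= proposed <= 9999:
        p.append("RefreshLifetimeProposed must be in the range 1 - 9999")
    if maxtime < mintime:
        p.append("RefreshLifetimeAccepted maxtime must be >= mintime")
    elif not mintime <= proposed <= maxtime:
        p.append("RefreshLifetimeProposed should lie within RefreshLifetimeAccepted")
    # Lifesize: None pairs with None; otherwise 1 - 4194300 KB and inside the accepted range.
    psize, asize = params["RefreshLifesizeProposed"], params["RefreshLifesizeAccepted"]
    if (psize == "None") != (asize == "None"):
        p.append("RefreshLifesizeProposed and RefreshLifesizeAccepted must both be None or both be set")
    elif psize != "None":
        size, (minsize, maxsize) = int(psize), tuple(int(v) for v in asize.split())
        if not (1 <= size <= 4194300 and minsize <= size <= maxsize):
            p.append("RefreshLifesizeProposed must be 1 - 4194300 and lie within RefreshLifesizeAccepted")
    if keylen == 128 and params["DHGroup"] not in DH_FOR_128:
        p.append("guideline: use DH group 5, 14, 19, 20 or 24 with 128-bit keys")
    elif keylen is not None and keylen >= 256 and params["DHGroup"] not in DH_FOR_256:
        p.append("guideline: use DH group 21 with keys of 256 bits or more")
    return p


# Constructed sample offers, not taken from the page.
STRONG_OFFER = """
KeyExchangeOffer KEO-Strong   # SHA-2 throughout, 2048-bit MODP group
{
  HowToEncrypt            AES_CBC KeyLength 128
  HowToAuthMsgs           SHA2_256
  HowToVerifyMsgs         HMAC_SHA2_256_128
  PseudoRandomFunction    HMAC_SHA2_256
  HowToAuthPeers          RsaSignature
  DHGroup                 Group14
  RefreshLifetimeProposed 480
  RefreshLifetimeAccepted 240 1440
}
"""
LEGACY_OFFER = """
KeyExchangeOffer KEO-Legacy   # FIPS-rejected algorithms plus inconsistent lifetimes
{
  HowToEncrypt            DES
  HowToAuthMsgs           MD5
  DHGroup                 Group1
  RefreshLifetimeProposed 2000
  RefreshLifetimeAccepted 1440 240
  RefreshLifesizeProposed 1000
}
"""
```

Running `check_offer(parse_offer(LEGACY_OFFER)[1], fips_mode=True)` reports DES, MD5 and Group1 as rejected in FIPS 140 mode, the inverted RefreshLifetimeAccepted range, and the lifesize mismatch (a proposedsize with RefreshLifesizeAccepted left at its None default); the strong offer returns an empty list. Omitted parameters are checked at the page's stated defaults, which is why leaving RefreshLifesizeAccepted out while setting RefreshLifesizeProposed is flagged. The lifetime and lifesize bounds are written as 9999 and 4194300 (the page prints them with digit-group spaces as 9 999 and 4 194 300).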