KeyExchangeOffer statement

Use the KeyExchangeOffer statement to define a key exchange offer for a dynamic VPN. A key exchange offer describes one acceptable way to protect a key exchange (the IKE phase 1 negotiation) for a dynamic VPN. A key exchange offer can be referenced by a KeyExchangeAction statement. Note that the defaults for HowToEncrypt (DES), HowToAuthMsgs (MD5), and DHGroup (Group1) are legacy values, and all three are rejected when the TCP/IP stack is configured for FIPS 140 mode; specify each algorithm explicitly in new policies rather than relying on the defaults.

Syntax

>>-KeyExchangeOffer--+------+--| Put Braces and Parameters on Separate Lines |-><
                     '-name-'                                                    

Put Braces and Parameters on Separate Lines

|--+-{-------------------------------+--------------------------|
   +-| KeyExchangeOffer Parameters |-+   
   '-}-------------------------------'   

KeyExchangeOffer Parameters

   .-HowToEncrypt--DES--------------------------.   
|--+--------------------------------------------+--------------->
   '-HowToEncrypt--+-DES----------------------+-'   
                   +-3DES---------------------+     
                   +-AES----------------------+     
                   '-AES_CBC KeyLength keylen '     

   .-HowToAuthMsgs MD5-----------.   
>--+-----------------------------+------------------------------>
   '-HowToAuthMsgs--+-MD5------+-'   
                    +-SHA1-----+     
                    +-SHA2_256-+     
                    +-SHA2_384-+     
                    '-SHA2_512-'     

   .-HowToVerifyMsgs--HMAC_SHA1_96----------.   
>--+----------------------------------------+------------------->
   '-HowToVerifyMsgs--+-AES128_XCBC_96----+-'   
                      +-HMAC_MD5_96-------+     
                      +-HMAC_SHA1_96------+     
                      +-HMAC_SHA2_256_128-+     
                      +-HMAC_SHA2_384_192-+     
                      '-HMAC_SHA2_512_256-'     

   .-PseudoRandomFunction--HMAC_SHA1---------.   
>--+-----------------------------------------+------------------>
   '-PseudoRandomFunction--+-AES128_XCBC---+-'   
                           +-HMAC_MD5------+     
                           +-HMAC_SHA1-----+     
                           +-HMAC_SHA2_256-+     
                           +-HMAC_SHA2_384-+     
                           '-HMAC_SHA2_512-'     

                                     .-DHGroup Group1-------.   
>--HowToAuthPeers--+-PresharedKey-+--+----------------------+--->
                   '-RsaSignature-'  '-DHGroup--+-Group1--+-'   
                                                +-Group2--+     
                                                +-Group5--+     
                                                +-Group14-+     
                                                +-Group19-+     
                                                +-Group20-+     
                                                +-Group21-+     
                                                '-Group24-'     

   .-RefreshLifetimeProposed 480----------.   
>--+--------------------------------------+--------------------->
   '-RefreshLifetimeProposed proposedtime-'   

   .-RefreshLifetimeAccepted 240 1440--------.   
>--+-----------------------------------------+------------------>
   '-RefreshLifetimeAccepted mintime maxtime-'   

   .-RefreshLifesizeProposed None-------------.   
>--+------------------------------------------+----------------->
   '-RefreshLifesizeProposed-+-proposedsize-+-'   
                             '-None---------'     

   .-RefreshLifesizeAccepted None----------------.   
>--+---------------------------------------------+--------------|
   '-RefreshLifesizeAccepted-+-minsize maxsize-+-'   
                             '-None------------'     

Parameters

name
A string 1 - 32 characters in length specifying the name of this KeyExchangeOffer statement.

Rule: If this KeyExchangeOffer statement is not specified inline within another statement, a name value must be provided.

If a name is not specified for an inline KeyExchangeOffer statement, a nonpersistent system name is created.
HowToEncrypt
The desired encryption policy for protecting key exchanges. The default is DES.
DES
Use DES encryption, which uses a 56-bit key and a 64-bit initialization vector.

Restriction: DES is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

3DES
Triple DES runs the DES encryption algorithm three times with a 192-bit key (168 key bits plus 24 parity bits).

Rule: If 3DES is specified but is not supported by the system, then the Policy Agent fails the policy.

AES
Deprecated and treated as a synonym for AES_CBC KeyLength 128.

Rule: If AES is specified but AES encryption in CBC mode is not supported by this TCP/IP stack, Policy Agent fails the policy.

AES_CBC
The AES algorithm is used in Cipher Block Chaining (CBC) mode.
Rules:
  • The key length is measured in bits, and a keylen of either 128 or 256 must be specified.
  • If AES_CBC is specified but AES encryption is not supported by this TCP/IP stack, Policy Agent fails the policy.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

HowToAuthMsgs
The desired hash algorithm for authenticating IKE version 1 key exchange messages. The default is MD5.
MD5
Use the HMAC MD5 algorithm.

Restriction: MD5 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

SHA1
Use the HMAC_SHA1 algorithm.
SHA2_256
Use the HMAC_SHA2_256_128 algorithm.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

SHA2_384
Use the HMAC_SHA2_384_192 algorithm.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

SHA2_512
Use the HMAC_SHA2_512_256 algorithm.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

Restriction: The HowToAuthMsgs parameter is ignored for IKE version 2 SAs.

HowToVerifyMsgs
The desired authentication algorithm for verifying message integrity of IKE version 2 key exchange messages. The default is HMAC_SHA1_96.
AES128_XCBC_96
Use the AES128_XCBC algorithm to encode authentication data, with 128-bit keys and hash truncation to 96 bits.

Restriction: AES128_XCBC_96 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

HMAC_MD5_96
Use the HMAC_MD5_96 algorithm.

Restriction: HMAC_MD5_96 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

HMAC_SHA1_96
Use the HMAC_SHA1_96 algorithm.
HMAC_SHA2_256_128
Use the HMAC_SHA2_256 algorithm to encode authentication data, with 256-bit keys and hash truncation to 128 bits.
HMAC_SHA2_384_192
Use the HMAC_SHA2_384 algorithm to encode authentication data, with 384-bit keys and hash truncation to 192 bits.
HMAC_SHA2_512_256
Use the HMAC_SHA2_512 algorithm to encode authentication data, with 512-bit keys and hash truncation to 256 bits.
Restrictions:
  • The HowToVerifyMsgs parameter is ignored for IKE version 1 SAs.
  • This HowToVerifyMsgs parameter is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
PseudoRandomFunction
Indicates which pseudo-random function (PRF) to use when generating keying material for IKE version 2 SAs. The default is HMAC_SHA1.
AES128_XCBC
Use the AES128_XCBC algorithm.

Restriction: AES128_XCBC is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

HMAC_MD5
Use the HMAC_MD5 algorithm.

Restriction: HMAC_MD5 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

HMAC_SHA1
Use the HMAC_SHA1 algorithm.
HMAC_SHA2_256
Use the HMAC_SHA2_256 algorithm.
HMAC_SHA2_384
Use the HMAC_SHA2_384 algorithm.
HMAC_SHA2_512
Use the HMAC_SHA2_512 algorithm.
Restrictions:
  • The PseudoRandomFunction parameter is ignored for IKE version 1 SAs. IKE version 1 always uses the algorithm specified on HowToAuthMsgs to determine its pseudo-random function. For example, if the HowToAuthMsgs value is MD5, then HMAC_MD5 is used.
  • This PseudoRandomFunction parameter is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.
HowToAuthPeers
Specifies the method for authenticating peers during IKE version 1 phase 1 negotiation.
PresharedKey
Use a pre-shared key to authenticate the peer.
RsaSignature
Use an RSA signature to authenticate the peer.

Restriction: The HowToAuthPeers parameter is ignored for IKE version 2 SAs.

DHGroup
Specifies the Diffie-Hellman group used during the phase 1 key exchange. The default is Group1.
Group1
Modular exponentiation group with a 768-bit modulus.

Restriction: Group1 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

Group2
Modular exponentiation group with a 1024-bit modulus.

Restriction: Group2 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

Group5
Modular exponentiation group with a 1536-bit modulus.

Restriction: Group5 is not accepted when the TCP/IP stack is configured for FIPS 140 mode on the IpFilterPolicy statement.

Group14
Modular exponentiation group with a 2048-bit modulus.
Group19
Random 256-bit elliptic curve group.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

Group20
Random 384-bit elliptic curve group.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

Group21
Random 521-bit elliptic curve group.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

Group24
Modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup.

Restriction: This value is valid only for V1R12 and later releases. See General syntax rules for Policy Agent for details.

Guideline: If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman group 5, 14, 19, 20, or 24. If you are using encryption or authentication algorithms with a key length of 256 bits or greater, use Diffie-Hellman group 21.

Tip: When negotiating a new phase 1 SA in IKE version 1 aggressive mode, only the first offer and its DH group are proposed to the peer. In IKE version 1 main mode, all offers and DH groups are proposed, and the peer selects one offer and group. With IKE version 2, all offers and DH groups are proposed, but the key exchange payload is computed for only one DH group. The peer can either accept that group or choose a different group from one of the other offers; in the latter case, the IKE daemon restarts the exchange using the chosen group, which costs an extra exchange. Listing first the offer whose DH group the peer is expected to prefer avoids the restart.
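The negotiation behaviour described in the Tip, as an added example that is not IKE daemon or Policy Agent code: a small Python model of which offers each mode sends and when the IKE version 2 restart occurs. Offers are modelled as (name, DH group) pairs in KeyExchangeAction list order, and the peer is assumed to pick its most preferred group among those offered (an assumption of the example; the page only says the peer may choose a different group). All data is constructed.

```python
"""Model of how KeyExchangeAction offers are proposed and how the DH group is
settled, per the Tip above (added example, not IKE daemon code).  An offer is a
(name, dh_group) pair in list order; constructed data throughout."""

IKEV1_AGGRESSIVE, IKEV1_MAIN, IKEV2 = "ikev1-aggressive", "ikev1-main", "ikev2"

def proposed(offers, mode):
    """Offers the initiator sends: only the first in IKEv1 aggressive mode,
    all of them in IKEv1 main mode and in IKEv2."""
    return list(offers[:1]) if mode == IKEV1_AGGRESSIVE else list(offers)

def negotiate(offers, mode, peer_preference):
    """Return (chosen offer or None, key-exchange rounds).  The peer is assumed
    to take its most preferred group among the offered ones (assumption of this
    example).  In IKEv2 the initiator computed the KE payload for the first
    offer's group only, so any other choice restarts the exchange: 2 rounds."""
    sent = proposed(offers, mode)
    for group in peer_preference:
        chosen = next((o for o in sent if o[1] == group), None)
        if chosen is not None:
            rounds = 2 if mode == IKEV2 and chosen[1] != sent[0][1] else 1
            return chosen, rounds
    return None, 1                      # no common group: negotiation fails

# Constructed: two offers, the stronger group listed second; peer prefers Group21.
OFFERS = [("aes128-g14", "Group14"), ("aes256-g21", "Group21")]
PEER = ["Group21", "Group14"]

if __name__ == "__main__":
    for mode in (IKEV1_AGGRESSIVE, IKEV1_MAIN, IKEV2):
        print(mode, negotiate(OFFERS, mode, PEER),
              "reordered:", negotiate(OFFERS[::-1], mode, PEER))
```

With the offers in this order, IKE version 2 settles on Group21 only after a restart (2 rounds); reversing the list gives the same result in one round. A peer that supports only Group21 fails outright in aggressive mode, because only the first offer is ever sent.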

RefreshLifetimeProposed
The security association lifetime in minutes. This value is proposed when acting as the IKE version 1 initiator of a key exchange negotiation. For IKE version 2, this value determines the refresh lifetime. The default is 480.
proposedtime
The lifetime proposed (for IKE version 1) or used (for IKE version 2) for the phase 1 tunnel. Valid values are in the range 1 - 9 999. The proposed lifetime value should be within the range specified by RefreshLifetimeAccepted.

Tip: When negotiating an IKE version 2 SA, the IKE daemon uses the RefreshLifetimeProposed value in the first matching offer for the SA lifetime. Unlike IKE version 1, SA lifetimes are not negotiated under IKE version 2.

RefreshLifetimeAccepted
A range of acceptable security association lifetimes in minutes. This range is accepted when acting as the responder of an IKE version 1 key exchange negotiation. The default is 240 1440.
mintime
The minimum lifetime that can be accepted.
maxtime
The maximum lifetime that can be accepted. This value must be greater than or equal to the mintime value.
Valid values for each option are in the range 1 - 9 999.

Restriction: The RefreshLifetimeAccepted parameter is ignored for IKE version 2 SAs.

RefreshLifesizeProposed
The security association lifesize in Kilobytes. If a proposedsize value is specified, then this value is proposed when acting as the IKE version 1 initiator of a key exchange negotiation. For IKE version 2, this value determines the refresh lifesize. If None is specified, then no lifesize is proposed for IKE version 1 or used for IKE version 2. The default is None.
proposedsize
The proposed lifesize for the negotiation. Valid values are in the range 1 - 4 194 300. The proposed lifesize value should be within the range specified by the RefreshLifesizeAccepted value, if that parameter is not specified as None.
None
No lifesize should be proposed for IKE version 1 or used for IKE version 2. If the RefreshLifesizeProposed parameter is specified as None, then RefreshLifesizeAccepted value should also be specified as None.

Tip: When negotiating an IKE version 2 SA, the IKE daemon uses the RefreshLifesizeProposed value in the first matching offer for the SA lifesize. Unlike IKE version 1, SA lifesizes are not negotiated under IKE version 2.

RefreshLifesizeAccepted
The security association lifesize in kilobytes. If minsize and maxsize values are specified, this range is accepted when acting as the responder of an IKE version 1 key exchange negotiation. If None is specified, no lifesize is accepted when acting as the responder of a key exchange negotiation. The default is None.
minsize
The minimum lifesize that can be accepted.
maxsize
The maximum lifesize that can be accepted. This value must be greater than or equal to the minsize value.
None
No lifesize is accepted. If this parameter is specified as None, then RefreshLifesizeProposed should also be specified as None.
Valid values for the minsize and maxsize options are in the range 1 - 4 194 300.

Restriction: The RefreshLifesizeAccepted parameter is ignored for IKE version 2 SAs.
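A checker for the rules on this page, as an added example (not Policy Agent code and not from the documentation): it parses a stand-alone KeyExchangeOffer statement in the syntax shown in the diagram, fills in the page's defaults, and reports the FIPS 140 rejections, the AES_CBC KeyLength rule, the required HowToAuthPeers parameter, the 1-32 character name rule, and the lifetime and lifesize range and None/None consistency rules. FIPS 140 mode, which is really configured on the IpFilterPolicy statement, is passed as a boolean argument here, and both sample statements are constructed for the example. The first sample relies on the defaults alone, which is exactly what fails under FIPS 140.

```python
"""Checker for KeyExchangeOffer statements (added example, not Policy Agent code).
Applies the ranges, consistency rules and FIPS 140 restrictions this page states;
FIPS 140 mode is modelled as a boolean argument, an assumption of the example."""
import re

# Values the page marks as not accepted in FIPS 140 mode, by parameter.
FIPS_REJECTED = {
    "HowToEncrypt": {"DES"}, "HowToAuthMsgs": {"MD5"},
    "HowToVerifyMsgs": {"AES128_XCBC_96", "HMAC_MD5_96"},
    "PseudoRandomFunction": {"AES128_XCBC", "HMAC_MD5"},
    "DHGroup": {"Group1", "Group2", "Group5"},
}
# Page defaults for parameters that may be omitted (HowToAuthPeers has none).
DEFAULTS = {
    "HowToEncrypt": "DES", "HowToAuthMsgs": "MD5", "HowToVerifyMsgs": "HMAC_SHA1_96",
    "PseudoRandomFunction": "HMAC_SHA1", "DHGroup": "Group1",
    "RefreshLifetimeProposed": "480", "RefreshLifetimeAccepted": "240 1440",
    "RefreshLifesizeProposed": "None", "RefreshLifesizeAccepted": "None",
}
MAX_LIFETIME, MAX_LIFESIZE = 9999, 4194300   # minutes, kilobytes

def parse_offer(text):
    """Return (name or None, {parameter: rest of line}) for one statement."""
    m = re.search(r"KeyExchangeOffer(?:\s+([^\s{]+))?\s*\{(.*)\}", text, re.S)
    if not m:
        raise ValueError("not a KeyExchangeOffer statement")
    params = {}
    for line in m.group(2).splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if line:
            key, _, value = line.partition(" ")
            params[key] = value.strip()
    return m.group(1), params

def _bounded(value, upper):
    """int(value) when 1 <= value <= upper, else None."""
    n = int(value) if value.isdigit() else 0
    return n if 1 <= n <= upper else None

def _bounded_range(value, upper):
    """(min, max) parsed from 'min max', both in range and max >= min, else None."""
    parts = value.split()
    if len(parts) != 2:
        return None
    lo, hi = _bounded(parts[0], upper), _bounded(parts[1], upper)
    return (lo, hi) if lo is not None and hi is not None and hi >= lo else None

def check_offer(text, fips140=False):
    """Return the rule violations for one stand-alone offer; [] means clean."""
    name, given = parse_offer(text)
    p = {**DEFAULTS, **given}
    out = []
    if name is None or not 1 <= len(name) <= 32:
        out.append("name: a stand-alone statement needs a 1-32 character name")
    if "HowToAuthPeers" not in given:
        out.append("HowToAuthPeers: required, it has no default")
    for param, rejected in FIPS_REJECTED.items():
        if fips140 and p[param].split()[0] in rejected:
            out.append(f"{param}: {p[param].split()[0]} is not accepted in FIPS 140 mode")
    enc = p["HowToEncrypt"].split()
    if enc[0] == "AES_CBC" and enc[1:] not in (["KeyLength", "128"], ["KeyLength", "256"]):
        out.append("HowToEncrypt: AES_CBC needs 'KeyLength 128' or 'KeyLength 256'")
    # Lifetime in minutes: the proposed value should lie inside the accepted range.
    prop = _bounded(p["RefreshLifetimeProposed"], MAX_LIFETIME)
    acc = _bounded_range(p["RefreshLifetimeAccepted"], MAX_LIFETIME)
    if prop is None:
        out.append("RefreshLifetimeProposed: must be 1-9999")
    if acc is None:
        out.append("RefreshLifetimeAccepted: need 'min max' in 1-9999 with max >= min")
    elif prop is not None and not acc[0] <= prop <= acc[1]:
        out.append("RefreshLifetimeProposed: outside the RefreshLifetimeAccepted range")
    # Lifesize in kilobytes: None on one side should mean None on the other.
    ps, pa = p["RefreshLifesizeProposed"], p["RefreshLifesizeAccepted"]
    if (ps == "None") != (pa == "None"):
        out.append("RefreshLifesize*: specify None for both Proposed and Accepted, or neither")
    elif ps != "None":
        size, rng = _bounded(ps, MAX_LIFESIZE), _bounded_range(pa, MAX_LIFESIZE)
        if size is None:
            out.append("RefreshLifesizeProposed: must be 1-4194300 or None")
        if rng is None:
            out.append("RefreshLifesizeAccepted: need 'min max' in 1-4194300 with max >= min")
        elif size is not None and not rng[0] <= size <= rng[1]:
            out.append("RefreshLifesizeProposed: outside the RefreshLifesizeAccepted range")
    return out

# Constructed sample: takes the page defaults (DES, MD5, Group1) for every algorithm.
WEAK_OFFER = """KeyExchangeOffer LegacyOffer
{
  HowToAuthPeers PresharedKey
}"""
# Constructed sample: explicit choices; 256-bit AES, so DH group 21 per the guideline.
HARDENED_OFFER = """KeyExchangeOffer StrongOffer
{
  HowToEncrypt         AES_CBC KeyLength 256
  HowToAuthMsgs        SHA2_256
  HowToVerifyMsgs      HMAC_SHA2_256_128
  PseudoRandomFunction HMAC_SHA2_256
  HowToAuthPeers       RsaSignature
  DHGroup              Group21
}"""
```

check_offer(WEAK_OFFER, fips140=True) returns the three default-derived rejections (DES, MD5, Group1), while the same statement passes with FIPS 140 off; the hardened sample is clean in both modes. The checker covers only rules stated on this page: it cannot know which algorithms a particular TCP/IP stack supports, which is the case where the page says Policy Agent fails the policy.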