Description
Use the esp authentication-algorithm command to specify the authentication algorithm for ESP.
Use the undo esp authentication-algorithm command to configure ESP not to perform authentication on
packets.
By default, the MD5 algorithm is used.
Related commands: ipsec proposal, esp encryption-algorithm, proposal, and transform.
Examples
# Configure IPsec proposal prop1 to use ESP and specify SHA1 as the authentication algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp authentication-algorithm sha1
esp encryption-algorithm
Syntax
esp encryption-algorithm { 3des | aes [ key-length ] | des }
undo esp encryption-algorithm
View
IPsec proposal view
Default level
2: System level
Parameters
3des: Uses triple DES (3DES) in cipher block chaining (CBC) mode as the encryption algorithm. The
3DES algorithm uses a 168-bit key for encryption.
aes: Uses advanced encryption standard (AES) in CBC mode as the encryption algorithm. The AES
algorithm uses a 128-bit, 192-bit, or 256-bit key for encryption.
key-length: Key length for the AES algorithm, which can be 128, 192, or 256. The default is 128.
This argument is for AES only.
des: Uses data encryption standard (DES) in CBC mode as the encryption algorithm. The DES algorithm
uses a 56-bit key for encryption.
Description
Use the esp encryption-algorithm command to specify the encryption algorithm for ESP.
Use the undo esp encryption-algorithm command to configure ESP not to encrypt packets.
By default, the DES algorithm is used.
3DES is well suited to environments with high demands on confidentiality and security, but it is
comparatively slow in encryption. DES is enough to satisfy normal security requirements.
ESP allows the encryption and authentication of a packet.
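
Added example, not part of the original manual: because MD5 and DES are the defaults, a proposal with no esp authentication-algorithm or esp encryption-algorithm line still runs with them, so a configuration audit has to resolve the effective values instead of searching for keywords. The Python code below does that over a constructed sample. Assumptions: the saved configuration lists only non-default settings, proposal settings are indented by one space, every proposal uses ESP, and the flagging policy (MD5, DES, disabled protection) is this example's own choice.

```python
import re

# Defaults stated in the command reference: MD5 authentication, DES encryption.
DEFAULTS = {"authentication": "md5", "encryption": "des"}
# Audit policy: an assumption of this example, not taken from the manual.
FLAGGED = {"authentication": {"md5", "none"}, "encryption": {"des", "none"}}
PROPOSAL = re.compile(r"ipsec proposal (\S+)")
SETTING = re.compile(r"(undo )?esp (authentication|encryption)-algorithm(?: (\S+))?(?: (\d+))?")

def effective_proposals(config_text):
    """Map each proposal name to its effective ESP algorithms, defaults applied."""
    proposals, current = {}, None
    for raw in config_text.splitlines():
        if not raw.startswith(" "):  # an unindented line starts a new section
            m = PROPOSAL.fullmatch(raw.strip())
            current = proposals.setdefault(m.group(1), dict(DEFAULTS)) if m else None
            continue
        m = SETTING.fullmatch(raw.strip()) if current is not None else None
        if not m:
            continue
        undo, kind, algo, keylen = m.groups()
        if undo:
            current[kind] = "none"  # undo form: ESP skips this protection
        elif algo == "aes":
            current[kind] = f"aes-{keylen or 128}"  # key-length defaults to 128
        elif algo:
            current[kind] = algo
    return proposals

def audit(config_text):
    """Return sorted (proposal, setting, effective value) tuples matching FLAGGED."""
    return sorted((name, kind, algos[kind])
                  for name, algos in effective_proposals(config_text).items()
                  for kind in DEFAULTS if algos[kind] in FLAGGED[kind])

# Constructed sample (assumed saved-configuration layout), not from a real device.
SAMPLE = """\
ipsec proposal prop1
 esp authentication-algorithm sha1
#
ipsec proposal prop2
 esp authentication-algorithm sha1
 esp encryption-algorithm aes 256
#
ipsec proposal prop3
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, prop1 sets only SHA1 and is still reported for DES, and prop3 has no settings at all and is reported for both defaults.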