317
Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
md5: Uses the HMAC-MD5 algorithm, which uses a 128-bit key.
sha1: Uses the HMAC-SHA1 algorithm, which uses a 160-bit key.
Usage guidelines
In non-FIPS mode, you can specify multiple ESP authentication algorithms for one IPsec transform set, and
the algorithm specified earlier has a higher priority.
For a manual or IKEv1-based IPsec policy, the first specified ESP authentication algorithm takes effect. To
make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at both ends
of the tunnel must have the same first ESP authentication algorithm.
Examples
# Configure the IPsec transform set tran1 to use HMAC-SHA1 algorithm as the ESP authentication
algorithm.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esp authentication-algorithm sha1
Related commands
ipsec transform-set
esp encryption-algorithm
Use esp encryption-algorithm to specify encryption algorithms for ESP.
Use undo esp encryption-algorithm to remove all encryption algorithms specified for ESP.
Syntax
In non-FIPS mode:
esp encryption-algorithm { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des-cbc | null } *
undo esp encryption-algorithm
In FIPS mode:
esp encryption-algorithm { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 }*
undo esp encryption-algorithm
Default
ESP does not use any encryption algorithms.
Views
IPsec transform set view
Predefined user roles
network-admin
To Next Page
Loading...
Need help?
General
