318
Parameters
3des-cbc: Uses the 3DES algorithm in CBC mode, which uses a 168-bit key.
aes-cbc-128: Uses the AES algorithm in CBC mode, which uses a 128- bit key.
aes-cbc-192: Uses AES algorithm in CBC mode, which uses a 192-bit key.
aes-cbc-256: Uses AES algorithm in CBC mode, which uses a 256-bit key.
des-cbc: Uses the DES algorithm in CBC mode, which uses a 64-bit key.
null: Uses the NULL algorithm, which means encryption is not performed.
Usage guidelines
You can specify multiple ESP encryption algorithms for one IPsec transform set, and the algorithm
specified earlier has a higher priority.
For a manual or IKEv1-based IPsec policy, the first specified ESP encryption algorithm takes effect. To
make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at both ends
of the tunnel must have the same first ESP encryption algorithm.
Examples
# Configure the IPsec transform set tran1 to use aes-cbc-128 as the ESP encryption algorithm.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
Related commands
ipsec transform-set
ike-profile
Use ike-profile to specify an IKE profile for an IPsec policy or IPsec policy template.
Use undo ike-profile to remove the configuration.
Syntax
ike-profile profile-name
undo ike-profile
Default
An IPsec policy or IPsec policy template does not reference any IKE profile, and the device selects an IKE
profile configured in system view for negotiation. If no IKE profile is configured, the globally configured
IKE settings are used.
Views
IPsec policy view, IPsec policy template view
Predefined user roles
network-admin
Parameters
profile-name: Specifies an IKE profile by its name, a case-insensitive string of 1 to 63 characters.
To Next Page
Loading...
Need help?
General
