R3303-HP HSR6800 Routers Security Command Reference

IPsec configuration commands
The router supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
ah authentication-algorithm
Use ah authentication-algorithm to specify authentication algorithms for the AH protocol.
Use undo ah authentication-algorithm to restore the default.
Syntax
ah authentication-algorithm { md5 | sha1 }
undo ah authentication-algorithm
Default
In FIPS mode, AH uses the SHA-1 authentication algorithm.
In non-FIPS mode, AH uses no authentication algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
md5: Uses MD5. This keyword is not supported in FIPS mode.
sha1: Uses SHA-1.
Usage guidelines
You must use the transform command to specify the AH security protocol or both AH and ESP before you
specify authentication algorithms for AH.
Examples
# Configure IPsec transform set prop1 to use AH and SHA-1.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform ah
[Sysname-ipsec-transform-set-prop1] ah authentication-algorithm sha1
Related commands
ipsec transform-set
transform
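
The following configuration audit is an added example, not part of the HP reference: it applies the defaults and restrictions stated above (no AH authentication algorithm by default in non-FIPS mode, md5 unsupported in FIPS mode, AH must be selected with transform first) to saved configuration text. The function name audit_ah, the sample configuration, its layout (indented lines under each ipsec transform-set, "#" between sections) and the treatment of any transform keyword beginning with "ah" as selecting AH are assumptions.

```python
import re

# Constructed sample; the layout is an assumption about the saved configuration.
SAMPLE_CONFIG = """\
#
ipsec transform-set prop1
 transform ah
 ah authentication-algorithm sha1
#
ipsec transform-set legacy
 transform ah
 ah authentication-algorithm md5
#
ipsec transform-set bare
 transform ah
#
ipsec transform-set stray
 ah authentication-algorithm sha1
#
"""

def audit_ah(config, fips_mode=False):
    """Return {transform-set name: [findings]} for AH-related problems."""
    sets, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        head = re.fullmatch(r"ipsec transform-set (\S+)", line)
        if head:
            cur = sets.setdefault(head.group(1), {"transform": None, "alg": None})
        elif not raw.startswith(" "):
            cur = None  # "#" or any other top-level line ends the section
        elif cur is not None and line.startswith("transform "):
            cur["transform"] = line.split()[1]
        elif cur is not None and line.startswith("ah authentication-algorithm "):
            cur["alg"] = line.split()[2]
    report = {}
    for name, s in sets.items():
        findings = []
        # Assumption: "ah" or a combined AH+ESP keyword that starts with "ah".
        uses_ah = (s["transform"] or "").startswith("ah")
        if s["alg"] and not uses_ah:
            findings.append("AH algorithm set but transform does not select AH")
        if s["alg"] == "md5":
            findings.append("md5 not supported in FIPS mode" if fips_mode
                            else "md5 configured; the other keyword is sha1")
        if uses_ah and s["alg"] is None and not fips_mode:
            findings.append("no AH authentication algorithm (non-FIPS default)")
        if findings:
            report[name] = findings
    return report
```

Calling audit_ah(SAMPLE_CONFIG) reports legacy, bare and stray; with fips_mode=True the bare set is no longer reported, because the FIPS default is SHA-1.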