R3303-HP HSR6800 Routers Security Command Reference

esp authentication-algorithm
Use esp authentication-algorithm to specify authentication algorithms for ESP.
Use undo esp authentication-algorithm to restore the default.
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
Default
In FIPS mode, ESP uses the SHA-1 authentication algorithm.
In non-FIPS mode, ESP uses no authentication algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
md5: Uses the MD5 algorithm, which uses a 128-bit key. This keyword is not supported in FIPS mode.
sha1: Uses the SHA-1 algorithm, which uses a 160-bit key.
Usage guidelines
Compared with SHA-1, MD5 is faster but less secure. MD5 is sufficient for most networks. To deploy a
highly secure network, use SHA-1.
In non-FIPS mode, you must specify an encryption algorithm, an authentication algorithm, or both for ESP.
In FIPS mode, you must specify both an encryption algorithm and an authentication algorithm for ESP.
The undo esp authentication-algorithm command takes effect only if one or more encryption algorithms
are specified for ESP.
Examples
# Configure IPsec transform set prop1 to use ESP and specify SHA-1 as the authentication algorithm for
ESP.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform esp
[Sysname-ipsec-transform-set-prop1] esp authentication-algorithm sha1
Related commands
ipsec transform-set
esp encryption-algorithm
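The following Python check is an added example, not part of the HP command reference. It applies the defaults and usage guidelines above to the transform sets in a saved configuration and reports sets whose ESP has no authentication algorithm or uses md5. The sample configuration is constructed. The indented layout, the aes keyword value, the finding names, and the premise that every set uses ESP are assumptions of this example.

```python
import re

# Constructed sample laid out like a saved configuration (assumption: sub-commands
# are indented under "ipsec transform-set"). The "aes" value is a placeholder.
SAMPLE_CONFIG = """\
ipsec transform-set prop1
 transform esp
 esp authentication-algorithm sha1
 esp encryption-algorithm aes
ipsec transform-set legacy
 transform esp
 esp authentication-algorithm md5
 esp encryption-algorithm aes
ipsec transform-set noauth
 transform esp
 esp encryption-algorithm aes
"""

def parse_transform_sets(config):
    """Return {name: {"auth": [...], "enc": [...]}} for every transform set."""
    sets, current = {}, None
    for line in config.splitlines():
        header = re.match(r"ipsec transform-set (\S+)\s*$", line)
        if header:
            current = sets.setdefault(header.group(1), {"auth": [], "enc": []})
        elif not line.startswith(" "):
            current = None  # an unindented line ends the transform set view
        elif current is not None:
            words = line.split()
            if words[:2] == ["esp", "authentication-algorithm"]:
                current["auth"] = words[2:]
            elif words[:2] == ["esp", "encryption-algorithm"]:
                current["enc"] = words[2:]
    return sets

def audit(config, fips_mode=False):
    """Check each set against the documented defaults; return {name: [findings]}."""
    report = {}
    for name, ts in parse_transform_sets(config).items():
        # Documented default: SHA-1 in FIPS mode, no authentication otherwise.
        auth = ts["auth"] or (["sha1"] if fips_mode else [])
        findings = []
        if not auth:
            findings.append("no-esp-authentication")
        if "md5" in auth:
            findings.append("md5-unsupported-in-fips" if fips_mode else "md5-weaker-than-sha1")
        if fips_mode and not ts["enc"]:
            findings.append("fips-requires-encryption")
        report[name] = findings
    return report
```

Calling audit(SAMPLE_CONFIG) returns a dictionary keyed by transform set name; an empty list means the set passed every check.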
esp encryption-algorithm
Use esp encryption-algorithm to specify encryption algorithms for ESP.
Use undo esp encryption-algorithm to restore the default.