HP VPN Firewall Appliances VPN Command Reference

Default
A security protocol encapsulates IP packets in tunnel mode.
Views
IPsec transform set view
Default command level
2: System level
Parameters
transport: Uses transport mode.
tunnel: Uses tunnel mode.
Usage guidelines
IPsec for IPv6 routing protocols supports only the transport mode.
Examples
# When IPsec uses IKE, configure IPsec transform set tran1 to use the transport encapsulation mode.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] encapsulation-mode transport
esp authentication-algorithm
Use esp authentication-algorithm to specify authentication algorithms for ESP.
Use undo esp authentication-algorithm to restore the default.
Syntax
esp authentication-algorithm { md5 | sha1 } *
undo esp authentication-algorithm
Default
In non-FIPS mode, the default algorithm is MD5. In FIPS mode, MD5 is not supported, and SHA1 is the
default algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
md5: Uses the MD5 algorithm, which uses a 128-bit key.
sha1: Uses the SHA1 algorithm, which uses a 160-bit key.
Usage guidelines
Compared with SHA1, MD5 is faster but less secure. MD5 is sufficient for most networks. To deploy a
highly secure network, use SHA1.
In non-FIPS mode, you must specify an encryption algorithm, an authentication algorithm, or both. In FIPS
mode, you must specify both an encryption algorithm and an authentication algorithm.
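
The following is an added example, not part of the HP reference: a small Python check that applies the rules stated above (MD5 not supported in FIPS mode, which algorithms must be specified in each mode, transport mode only for IPv6 routing protocols) to transform set configuration text. The function names, the sample configuration, the ipv6_routing parameter, and the esp encryption-algorithm line with its aes value are assumptions made for illustration; only the commands shown on this page are taken from the source.

```python
import re

# Constructed sample in the style of this page's examples (not from a real device).
SAMPLE_CONFIG = """\
ipsec transform-set tran1
 encapsulation-mode transport
 esp authentication-algorithm md5
ipsec transform-set tran2
 esp encryption-algorithm aes
 esp authentication-algorithm sha1
ipsec transform-set tran3
 encapsulation-mode tunnel
"""

def parse_transform_sets(text):
    """Return {name: {"mode", "auth", "enc"}} using only explicitly configured lines."""
    sets, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"ipsec transform-set (\S+)", line)
        if m:  # tunnel is the documented default encapsulation mode
            cur = sets.setdefault(m.group(1), {"mode": "tunnel", "auth": [], "enc": []})
        elif cur is None:
            continue
        elif line.startswith("encapsulation-mode "):
            cur["mode"] = line.split()[1]
        elif line.startswith("esp authentication-algorithm "):
            cur["auth"] = line.split()[2:]  # "{ md5 | sha1 } *" allows more than one
        elif line.startswith("esp encryption-algorithm "):  # assumed command name
            cur["enc"] = line.split()[2:]
    return sets

def audit(sets, fips=False, ipv6_routing=()):
    """Apply the rules stated on this page; return a list of (name, finding)."""
    findings = []
    for name, ts in sets.items():
        if "md5" in ts["auth"]:
            findings.append((name, "MD5 is not supported in FIPS mode" if fips
                             else "MD5 configured; SHA1 is the more secure choice"))
        if fips and not (ts["auth"] and ts["enc"]):
            findings.append((name, "FIPS mode requires encryption and authentication"))
        elif not fips and not (ts["auth"] or ts["enc"]):
            findings.append((name, "no ESP encryption or authentication specified"))
        if name in ipv6_routing and ts["mode"] != "transport":
            findings.append((name, "IPv6 routing protocols support only transport mode"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_transform_sets(SAMPLE_CONFIG), fips=True):
        print(f"{name}: {finding}")
```

The check reads only explicitly configured lines, so a transform set that relies on the default authentication algorithm is reported as having none specified.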