HP VPN Firewall Appliances VPN Command Reference

The undo esp authentication-algorithm command takes effect only if one or more encryption algorithms
are specified for ESP.
Examples
# Configure IPsec transform set prop1 to use ESP and specify SHA1 as the authentication algorithm for
ESP.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform esp
[Sysname-ipsec-transform-set-prop1] esp authentication-algorithm sha1
Related commands
ipsec transform-set
esp encryption-algorithm
esp encryption-algorithm
Use esp encryption-algorithm to specify encryption algorithms for ESP.
Use undo esp encryption-algorithm to restore the default.
Syntax
esp encryption-algorithm { 3des | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des } *
undo esp encryption-algorithm
Default
In non-FIPS mode, the default algorithm is DES. In FIPS mode, DES and 3DES are not supported and
AES-128 is the default algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
3des: Uses the triple Data Encryption Standard (3DES) in CBC mode, which uses a 168-bit key.
aes-cbc-128: Uses the Advanced Encryption Standard (AES) in CBC mode that uses a 128-bit key.
aes-cbc-192: Uses AES in CBC mode that uses a 192-bit key.
aes-cbc-256: Uses AES in CBC mode that uses a 256-bit key.
des: Uses the DES in cipher block chaining (CBC) mode, which uses a 56-bit key.
Usage guidelines
ESP supports three IP packet protection schemes: encryption only, authentication only, or both encryption
and authentication.
In non-FIPS mode, you must specify an encryption algorithm, an authentication algorithm, or both.
In FIPS mode, you must specify both an encryption algorithm and an authentication algorithm. Deleting
the encryption algorithm and the authentication algorithm will restore the default algorithms in FIPS
mode.
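The following is an added example, not part of the HP command reference: a Python check that reads IPsec transform sets from saved configuration text and reports the ones that would not meet the FIPS-mode rules stated above (both an encryption and an authentication algorithm, no DES or 3DES). The function names are hypothetical, and the configuration layout (indented lines under each ipsec transform-set line) and the sample text are assumptions constructed for illustration.

```python
import re

# des and 3des are not supported in FIPS mode (see Default above).
NOT_IN_FIPS = {"des", "3des"}

# Constructed sample; the indented saved-configuration layout is an assumption.
SAMPLE_CONFIG = """\
ipsec transform-set prop1
 transform esp
 esp authentication-algorithm sha1
ipsec transform-set prop2
 transform esp
 esp encryption-algorithm des aes-cbc-128
 esp authentication-algorithm sha1
ipsec transform-set prop3
 transform esp
 esp encryption-algorithm aes-cbc-256
 esp authentication-algorithm sha1
"""

def parse_transform_sets(text):
    """Return {name: {"enc": [...], "auth": [...]}} for each transform set."""
    sets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"ipsec transform-set (\S+)$", line)
        if m:
            current = sets.setdefault(m.group(1), {"enc": [], "auth": []})
        elif current is not None and raw[:1].isspace():
            words = line.split()
            if words[:2] == ["esp", "encryption-algorithm"]:
                current["enc"] = words[2:]  # the syntax allows several keywords
            elif words[:2] == ["esp", "authentication-algorithm"]:
                current["auth"] = words[2:]
        else:
            current = None  # an unindented line ends the transform-set block
    return sets

def audit_fips(sets):
    """List (set name, finding) pairs for the FIPS-mode rules on this page."""
    findings = []
    for name, cfg in sets.items():
        for kind, key in (("encryption", "enc"), ("authentication", "auth")):
            if not cfg[key]:
                findings.append((name, f"no ESP {kind} algorithm"))
        for alg in cfg["enc"]:
            if alg in NOT_IN_FIPS:
                findings.append((name, f"{alg} not supported in FIPS mode"))
    return findings
```

Calling audit_fips(parse_transform_sets(SAMPLE_CONFIG)) reports prop1 (authentication only) and prop2 (des listed alongside aes-cbc-128), and nothing for prop3.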