Command Reference Guide
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
5-1
Chapter 5 IPSec Configuration Commands
5.1 IPSec Configuration Commands
5.1.1 ah authentication-algorithm
Syntax
ah authentication-algorithm { md5 | sha1 }
undo ah authentication-algorithm
View
IPSec proposal view
Parameter
md5: MD5 algorithm is adopted.
sha1: SHA1 algorithm is adopted.
Description
Use the ah authentication-algorithm command to set the authentication algorithm
adopted by Authentication Header protocol in IPSec proposal.
Use the undo ah authentication-algorithm command to restore the default setting.
By default, the md5 authentication algorithm is adopted by Authentication Header
protocol in IPSec proposal.
AH protocol cannot be used to encrypt, but to authenticate.
MD5 algorithm uses the 128-bit message digest, and SHA1 uses the 160-bit message
digest. By comparison, MD5 is faster than SHA1, while SHA1 is securer than MD5.
The IPSec proposal adopted by the security policy at both ends of the security tunnel
must be set as using the same authentication algorithm.
Can the AH authentication algorithm be configured only if AH or AH-ESP security
protocol was selected by executing the transform command.
Related command: ipsec proposal, proposal, sa spi and transform.
Example
# Set an IPSec proposal with AH adopting SHA1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform ah
[3Com-ipsec-proposal- prop1] ah authentication-algorithm sha1