Command Reference Guide

3Com Router 3000 Ethernet Family
Chapter 5 IPSec Configuration Commands
3Com Corporation
Transport mode is suitable for communication between two hosts, or for
communication between a host and a security gateway (such as the network management
communication between the gateway workstation and a router). In transport mode, the two
devices responsible for encrypting and decrypting a packet must be the original sender
and receiver of that packet. Most of the data traffic between two security gateways is not
the gateways' own traffic, so transport mode is not often used between
security gateways.
The proposals used by the IPSec policies at both ends of the security tunnel must be
set to the same packet encapsulation mode.
Related commands: ah authentication-algorithm, ipsec proposal, esp encryption-algorithm,
esp authentication-algorithm, proposal, transform.
Example
# Set the IP packet encapsulation mode to transport in the proposal named prop2.
[3Com] ipsec proposal prop2
[3Com-ipsec-proposal-prop2] encapsulation-mode transport
5.1.9 esp authentication-algorithm
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
View
IPSec proposal view
Parameter
md5: Use the MD5 algorithm, with a key length of 128 bits.
sha1: Use the SHA1 algorithm, with a key length of 160 bits.
Description
Use the esp authentication-algorithm command to set the authentication algorithm
used by ESP.
Use the undo esp authentication-algorithm command to set ESP not to authenticate
packets.
By default, the MD5 algorithm is used.
MD5 is faster than SHA1, while SHA1 is more secure than MD5.
ESP permits a packet to be encrypted, authenticated, or both.
The encryption algorithm and the authentication algorithm used by ESP cannot both be
left empty at the same time.
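The requirement above that both tunnel ends use the same encapsulation mode, and the ESP authentication settings described in this section, can be checked offline against saved configurations. The following is an added example, not part of the original guide or of 3Com software: the function names and sample configurations are constructed, the proposal is assumed to carry the same name and to use ESP on both ends, and "tunnel" as the default encapsulation mode is an assumption.

```python
import re

# MD5 as the default ESP authentication algorithm is stated in the guide;
# "tunnel" as the default encapsulation mode is an assumption of this example.
DEFAULTS = {"mode": "tunnel", "esp_auth": "md5"}

def parse_proposals(config_text):
    """Return {proposal_name: {"mode": ..., "esp_auth": ...}} from CLI lines."""
    proposals, current = {}, None
    for raw in config_text.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())  # drop "[3Com-...]" prompt
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[:2] == ["ipsec", "proposal"] and len(words) == 3:
            current = proposals.setdefault(words[2], dict(DEFAULTS))
        elif current is None:
            continue
        elif words[0] == "encapsulation-mode" and len(words) == 2:
            current["mode"] = words[1]
        elif words[:2] == ["esp", "authentication-algorithm"] and len(words) == 3:
            current["esp_auth"] = words[2]
        elif words == ["undo", "esp", "authentication-algorithm"]:
            current["esp_auth"] = None  # ESP will not authenticate packets
    return proposals

def audit_pair(local, remote, name):
    """Compare one proposal as configured on both tunnel ends; return findings."""
    a, b = parse_proposals(local).get(name), parse_proposals(remote).get(name)
    if a is None or b is None:
        return [f"{name}: proposal missing on one end"]
    findings = []
    if a["mode"] != b["mode"]:
        findings.append(f"{name}: encapsulation mode mismatch ({a['mode']} vs {b['mode']})")
    if a["esp_auth"] != b["esp_auth"]:
        findings.append(f"{name}: ESP authentication mismatch ({a['esp_auth']} vs {b['esp_auth']})")
    for side, p in (("local", a), ("remote", b)):
        if p["esp_auth"] is None:
            findings.append(f"{name}: {side} end has ESP authentication disabled")
        elif p["esp_auth"] == "md5":
            findings.append(f"{name}: {side} end uses md5; sha1 is the stronger option")
    return findings

# Constructed sample configurations for the two ends of one tunnel.
LOCAL = """[3Com] ipsec proposal prop2
[3Com-ipsec-proposal-prop2] encapsulation-mode transport
[3Com-ipsec-proposal-prop2] esp authentication-algorithm sha1"""
REMOTE = """[3Com] ipsec proposal prop2
[3Com-ipsec-proposal-prop2] esp authentication-algorithm sha1"""
```

Calling audit_pair(LOCAL, REMOTE, "prop2") reports the encapsulation mode mismatch, because the remote end never sets transport mode and falls back to the assumed default.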