Command Reference Guide
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
5-15
3DES can meet the requirement of high confidentiality and security, but it is
comparatively slow. And DES can satisfy the normal security requirements.
ESP permits a packet to be encrypted or authenticated or both.
The encryption and authentication methods used by ESP cannot be set to a vacant
value at the same time. The undo esp encryption-algorithm command can take
effect only if the authentication algorithm is not null.
Related command: ipsec proposal, esp authentication-algorithm, proposal,
transform.
Example
# Configure ESP with the 3DES encryption algorithm in the proposal named prop1.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform esp
[3Com-ipsec-proposal-prop1] esp encryption-algorithm 3des
5.1.11 ipsec policy(in Interface View)
Syntax
ipsec policy policy-name
undo ipsec policy [ policy-name ]
View
Interface view
Parameter
policy-name: Specifies the name of an ipsec policy group applied at the interface. The
ipsec policy group with name policy-name should be configured in system view.
Description
Use the ipsec policy(interface view) command to apply an ipsec policy group with the
name policy-name at the interface,.
Use the undo ipsec policy (interface view) command to remove one or all ipsec policy
group from the interface so as to disable the IPSec function of the interface.
At an interface, only one ipsec policy group can be applied. An ipsec policy group can
be applied at multiple interfaces.
When a packet is sent from an interface, it searches for each ipsec policy in the ipsec
policy group by number in an ascending order. If the packet matches an access control
list used by an ipsec policy, then this ipsec policy is used to process the packet;
otherwise it continues to search for the next ipsec policy. If the packet does not match