Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 3000 Router Series
1161116211631164116511661167116811691170
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 5 IPSec Configuration Commands
3Com Corporation
5-33
5.1.26 transform
Syntax
transform { ah | ah-esp | esp }
undo transform
View
IPSec proposal view
Parameter
ah: Uses AH protocol specified in RFC2402.
ah-esp: Uses ESP specified in RFC2406 to protect the packets and then uses AH
protocol specified in RFC2402 to authenticate packets.
esp: Uses ESP specified in RFC2406.
Description
Use the transform command to set a security protocol used by a proposal.
Use the undo transform command to restore the default security protocol.
By default, esp, that is, the ESP specified in RFC2406 is used.
If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.
If AH is adopted, the default authentication algorithm is MD5.
If the parameter ah-esp is specified, the default authentication algorithm for AH is MD5
and the default encryption algorithm for ESP is DES without authentication.
AH protocol provides data authentication, data integrity check and anti-replay function.
ESP protocol provides data authentication, data integrity check, anti-replay function
and data encryption.
While establishing a SA manually, the proposals used by the ipsec policy set at both
ends of the security tunnel must be set as using the same security protocol.
The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.