F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100
60
IPsec configuration commands
The term "router" in this document refers to both routers and routing-capable firewalls and UTM devices.
The following matrix shows the hardware compatibility for configuring IPsec for IPv6 routing protocols:
Hardware Feature com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A No
U200-S No
ah authentication-algorithm
Use ah authentication-algorithm to specify authentication algorithms for the AH protocol.
Use undo ah authentication-algorithm to restore the default.
Syntax
ah authentication-algorithm { md5 | sha1 } *
undo ah authentication-algorithm
Default
In non-FIPS mode, the default algorithm is MD5. In FIPS mode, MD5 is not supported and SHA1 is
default algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
md5: Uses MD5.
sha1: Uses SHA1.
Usage guidelines
You must use the transform command to specify the AH security protocol or both AH and ESP before you
specify authentication algorithms for AH.
Examples
# Configure IPsec transform set prop1 to use AH and SHA1.
<Sysname> system-view
[Sysname] ipsec transform-set prop1