F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100

esp authentication-algorithm
Use esp authentication-algorithm to specify authentication algorithms for ESP.
Use undo esp authentication-algorithm to restore the default.
Syntax
esp authentication-algorithm { md5 | sha1 } *
undo esp authentication-algorithm
Default
In non-FIPS mode, the default algorithm is MD5. In FIPS mode, MD5 is not supported, and SHA1 is
the default algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
md5: Uses the MD5 algorithm, which uses a 128-bit key.
sha1: Uses the SHA1 algorithm, which uses a 160-bit key.
Usage guidelines
Compared with SHA1, MD5 is faster but less secure. MD5 is sufficient for most networks. To deploy a
highly secure network, use SHA1.
In non-FIPS mode, you must specify an encryption algorithm, an authentication algorithm, or both. In FIPS
mode, you must specify both an encryption algorithm and an authentication algorithm.
The undo esp authentication-algorithm command takes effect only if one or more encryption algorithms
are specified for ESP.
Examples
# Configure IPsec transform set prop1 to use ESP and specify SHA1 as the authentication algorithm for
ESP.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform esp
[Sysname-ipsec-transform-set-prop1] esp authentication-algorithm sha1
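The following audit script is an added example, not part of the original command reference or HP's tooling. It reports which transform sets can still negotiate MD5 for ESP authentication, including sets that have no esp authentication-algorithm line and therefore fall back to the default described above. The saved-configuration layout (header line, indented commands, # separators), the sample text and the function names are assumptions.

```python
import re

# Constructed sample configuration. The layout (unindented header, indented
# commands, '#' separator) is an assumption about the saved-config format.
SAMPLE_CONFIG = """\
ipsec transform-set prop1
 transform esp
 esp authentication-algorithm sha1
#
ipsec transform-set legacy
 transform esp
 esp authentication-algorithm md5 sha1
#
ipsec transform-set implicit
 transform esp
#
"""

HEADER = re.compile(r"^ipsec transform-set (\S+)\s*$")
AUTH = re.compile(r"^\s+esp authentication-algorithm\s+(.+?)\s*$")

def esp_auth_by_set(config, fips_mode=False):
    """Map each transform set name to its effective ESP authentication algorithms."""
    # Default per the reference: MD5 in non-FIPS mode, SHA1 in FIPS mode.
    default = ["sha1"] if fips_mode else ["md5"]
    explicit = {}
    current = None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            explicit[current] = None      # no explicit setting seen yet
            continue
        if current is not None and not line.startswith(" "):
            current = None                # left the transform set view
        m = AUTH.match(line)
        if current is not None and m:
            explicit[current] = m.group(1).lower().split()  # { md5 | sha1 } *
    return {n: (a if a is not None else default) for n, a in explicit.items()}

def sets_allowing_md5(config, fips_mode=False):
    """Names of transform sets whose effective algorithm list includes MD5."""
    found = esp_auth_by_set(config, fips_mode)
    return sorted(name for name, algs in found.items() if "md5" in algs)

if __name__ == "__main__":
    for name in sets_allowing_md5(SAMPLE_CONFIG):
        print(f"transform set {name}: MD5 permitted for ESP authentication")
```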
Related commands
ipsec transform-set
esp encryption-algorithm
esp encryption-algorithm
Use esp encryption-algorithm to specify encryption algorithms for ESP.
Use undo esp encryption-algorithm to restore the default.