R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

IPsec configuration commands
The term "router" in this document refers to both routers and Layer 3 firewalls.
IMPORTANT:
The FIPS mode is available only for the firewall modules. For more information about FIPS, see Access Control Configuration Guide.
ah authentication-algorithm
Syntax
ah authentication-algorithm { md5 | sha1 }
undo ah authentication-algorithm
View
IPsec proposal view
Default level
2: System level
Parameters
md5: Uses MD5. This keyword is not available for FIPS mode.
sha1: Uses SHA1.
Description
Use ah authentication-algorithm to specify an authentication algorithm for the authentication header (AH) protocol.
Use undo ah authentication-algorithm to restore the default.
The default algorithm for AH is MD5. In FIPS mode, MD5 is not supported and SHA1 is the default algorithm.
Before specifying the authentication algorithm for AH, be sure to use the transform command to specify the security protocol as AH or both AH and ESP.
Related commands: ipsec proposal and transform.
Examples
# Configure IPsec proposal prop1 to use AH and SHA1.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform ah
[Sysname-ipsec-proposal-prop1] ah authentication-algorithm sha1
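Because the default AH algorithm outside FIPS mode is MD5, a proposal that selects AH without an explicit ah authentication-algorithm line still uses MD5. The following audit script is an added example, not part of the original reference; it assumes the saved configuration lists each proposal as an unindented "ipsec proposal" line followed by indented sub-commands, and that the transform keyword for AH plus ESP is ah-esp (neither is shown on this page). The sample configuration is constructed.

```python
import re

# Constructed sample in the style of a saved configuration (layout is an assumption).
SAMPLE_CONFIG = """\
ipsec proposal prop1
 transform ah
 ah authentication-algorithm sha1
#
ipsec proposal legacy
 transform ah
 ah authentication-algorithm md5
#
ipsec proposal implicit
 transform ah-esp
#
ipsec proposal esponly
 transform esp
#
"""

def audit_ah_algorithms(config_text, fips_mode=False):
    """Return {proposal: (effective AH algorithm, explicitly_set)} for proposals using AH."""
    default = "sha1" if fips_mode else "md5"  # defaults as stated in the Description
    proposals, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"ipsec proposal (\S+)$", line)
        if m:
            current = proposals.setdefault(m.group(1), {"transform": None, "alg": None})
        elif not raw.startswith(" "):
            current = None  # "#" or any other top-level line ends the proposal view
        elif current is not None:
            t = re.match(r"transform (\S+)$", line)
            a = re.match(r"ah authentication-algorithm (md5|sha1)$", line)
            if t: current["transform"] = t.group(1)
            if a: current["alg"] = a.group(1)
    # The AH algorithm only applies when the transform selects AH ("ah-esp" is assumed).
    return {name: (p["alg"] or default, p["alg"] is not None)
            for name, p in proposals.items()
            if p["transform"] in ("ah", "ah-esp")}

def md5_proposals(config_text, fips_mode=False):
    """Names of proposals whose effective AH algorithm is MD5, explicit or by default."""
    return sorted(n for n, (alg, _) in audit_ah_algorithms(config_text, fips_mode).items()
                  if alg == "md5")

if __name__ == "__main__":
    print(md5_proposals(SAMPLE_CONFIG))
```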