R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101

esp encryption-algorithm
Syntax
esp encryption-algorithm { 3des | aes [ key-length ] | des }
undo esp encryption-algorithm
View
IPsec proposal view
Default level
2: System level
Parameters
3des: Uses triple DES (3DES) in cipher block chaining (CBC) mode as the encryption algorithm. The
3DES algorithm uses a 168-bit key for encryption. This keyword is not available for FIPS mode.
aes: Uses the Advanced Encryption Standard (AES) in CBC mode as the encryption algorithm. The AES
algorithm uses a 128-bit, 192-bit, or 256-bit key for encryption.
key-length: Key length for the AES algorithm, which can be 128, 192, or 256 and defaults to 128. This
argument is for AES only.
des: Uses the Data Encryption Standard (DES) in CBC mode as the encryption algorithm. The DES
algorithm uses a 56-bit key for encryption. This keyword is not available for FIPS mode.
Description
Use esp encryption-algorithm to specify an encryption algorithm for ESP.
Use undo esp encryption-algorithm to configure ESP not to encrypt packets.
The default encryption algorithm for ESP is DES. In FIPS mode, DES is not supported and the default
encryption algorithm for ESP is AES-128.
3DES provides high confidentiality and security, but it is slow in encryption. For a network that requires
moderate confidentiality and security, DES is sufficient.
ESP supports three IP packet protection schemes: encryption only, authentication only, or both encryption
and authentication. For ESP, you must specify an encryption algorithm, an authentication algorithm, or
both. The undo esp encryption-algorithm command takes effect only if one authentication algorithm is
specified for ESP.
In FIPS mode, ESP must use both encryption and authentication algorithms. If you disable ESP
authentication and encryption, the default authentication and encryption algorithms are used.
Related commands: ipsec proposal, esp authentication-algorithm, proposal, and transform.
Examples
# Configure IPsec proposal prop1 to use ESP and specify 3DES as the encryption algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3des
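
The following added example (not part of the original command reference) resolves the effective ESP encryption algorithm of each IPsec proposal from the defaults described above and lists proposals that end up on DES, 3DES, or no encryption. The configuration text is constructed, its indented block layout and the function names are assumptions, and the condition that undo esp encryption-algorithm takes effect only when an authentication algorithm is specified is not modelled.

```python
import re

# Constructed sample: proposal blocks written with the command syntax from this page.
SAMPLE_CONFIG = """\
ipsec proposal prop1
 transform esp
 esp encryption-algorithm 3des
ipsec proposal prop2
 transform esp
 esp encryption-algorithm aes 256
ipsec proposal prop3
 transform esp
ipsec proposal prop4
 esp encryption-algorithm aes
ipsec proposal prop5
 esp authentication-algorithm sha1
 undo esp encryption-algorithm
"""

ENC_RE = re.compile(r"esp encryption-algorithm (3des|des|aes)(?: (128|192|256))?")

def effective_esp_encryption(config_text):
    """Return {proposal: effective ESP encryption algorithm} outside FIPS mode."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("ipsec proposal ") and len(line.split()) == 3:
            current = line.split()[2]
            result[current] = "des"          # page: the default for ESP is DES
        elif not raw.startswith(" "):
            current = None                   # left the proposal block
        elif current and line == "undo esp encryption-algorithm":
            result[current] = "none"         # ESP configured not to encrypt
        elif current and (m := ENC_RE.fullmatch(line)):
            alg, keylen = m.groups()
            if alg == "aes":
                result[current] = f"aes-{keylen or '128'}"  # key-length defaults to 128
            elif keylen is None:             # key-length is for AES only
                result[current] = alg
    return result

def audit(config_text):
    """Return proposals whose ESP encryption is DES, 3DES or disabled."""
    return {name: alg for name, alg in effective_esp_encryption(config_text).items()
            if alg in {"des", "3des", "none"}}

if __name__ == "__main__":
    for name, alg in audit(SAMPLE_CONFIG).items():
        print(f"{name}: effective ESP encryption = {alg}")
```

prop3 is reported even though it contains no esp encryption-algorithm line, because the non-FIPS default is DES.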