R2511-HP MSR Router Series Security Command Reference(V5)

IPsec configuration commands
The MSR series routers support ACL-based IPsec in either standard or aggregation data flow protection mode.
The following matrix shows the FIPS and hardware compatibility:
Hardware    FIPS mode
MSR900      No.
MSR93X      No.
MSR20-1X    No.
MSR20       Yes.
MSR30       Yes (except the MSR30-16).
MSR50       Yes.
MSR1000     Yes.
ah authentication-algorithm
Use ah authentication-algorithm to specify authentication algorithms for the AH protocol.
Use undo ah authentication-algorithm to restore the default.
Syntax
ah authentication-algorithm { aes-xcbc-mac | md5 | sha1 | sha2-256 } *
undo ah authentication-algorithm
Default
In FIPS mode, MD5 is not supported, and AH uses SHA-1 for authentication.
In non-FIPS mode, no authentication algorithm is specified.
Views
IPsec transform set view
Default command level
2: System level
Parameters
aes-xcbc-mac: Uses the AES-XCBC-MAC algorithm.
md5: Uses the HMAC-MD5 algorithm, which uses a 128-bit key.
sha1: Uses the HMAC-SHA1 algorithm, which uses a 160-bit key.
sha2-256: Uses the SHA2-256 algorithm.
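Added example (not part of the HP reference): a Python check over a saved configuration that reports, for each transform set, the AH authentication algorithms in effect under the keywords and defaults documented above, and flags md5 when the device is assumed to run in FIPS mode. The sample configuration, the "ipsec transform-set <name>" view lines, the one-space indentation layout and the function name are assumptions made for illustration.

```python
import re

VALID = {"aes-xcbc-mac", "md5", "sha1", "sha2-256"}   # keywords from the Syntax line
CMD = re.compile(r"^(undo\s+)?ah\s+authentication-algorithm\b(.*)$")

# Constructed sample; the "ipsec transform-set <name>" lines and the names are assumptions.
SAMPLE = """\
#
ipsec transform-set ts-branch
 ah authentication-algorithm md5 sha1
#
ipsec transform-set ts-core
 ah authentication-algorithm sha2-256
 undo ah authentication-algorithm
#
ipsec transform-set ts-lab
 ah authentication-algorithm sha3
#
"""

def audit_ah_auth(config_text, fips_mode, view_prefix="ipsec transform-set"):
    """Return {name: (algorithms_in_effect, findings)} per transform set."""
    default = ["sha1"] if fips_mode else []      # the two documented defaults
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if not raw[0].isspace():                 # unindented line opens a view
            current = None
            if line.startswith(view_prefix):
                current = result.setdefault(line[len(view_prefix):].strip(),
                                            (list(default), []))
            continue
        m = CMD.match(line)
        if current is None or not m:
            continue
        algs, findings = current
        words = m.group(2).split()
        if m.group(1):                           # undo restores the default
            algs[:] = default
        elif not words or any(w not in VALID for w in words):
            findings.append("not a valid algorithm list: " + " ".join(words))
        else:
            algs[:] = words
            if fips_mode and "md5" in words:
                findings.append("md5 is not supported in FIPS mode")
    return result

if __name__ == "__main__":
    for name, (algs, findings) in audit_ah_auth(SAMPLE, fips_mode=True).items():
        print(name, algs or "none", findings)
```

An empty algorithm list in the result means the non-FIPS default applies: no AH authentication algorithm is specified for that transform set.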