R2511-HP MSR Router Series Security Command Reference(V5)
200
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform esp
[Sysname-ipsec-transform-set-prop1] esp authentication-algorithm sha1
Related commands
• ipsec transform-set
• esp encryption-algorithm
esp encryption-algorithm
Use esp encryption-algorithm to specify encryption algorithms for ESP.
Use undo esp encryption-algorithm to restore the default.
Syntax
esp encryption-algorithm { 3des | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192
| aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des } *
undo esp encryption-algorithm
Default
In FIPS mode, DES and 3DES are not supported, and ESP uses AES-128 for encryption.
In non-FIPS mode, no encryption algorithm is specified.
Views
IPsec transform set view
Default command level
2: System level
Parameters
3des: Uses triple Data Encryption Standard (3DES) in CBC mode, which uses a 168-bit key.
aes-cbc-128: Uses Advanced Encryption Standard (AES) in CBC mode that uses a 128-bit key.
aes-cbc-192: Uses AES in CBC mode that uses a 192-bit key.
aes-cbc-256: Uses AES in CBC mode that uses a 256-bit key.
aes-ctr-128: Uses AES in CTR mode that uses a 128-bit key.
aes-ctr-192: Uses AES in CTR mode that uses a 192-bit key.
aes-ctr-256: Uses AES in CTR mode that uses a 256-bit key.
camellia-cbc-128: Uses Camellia in cipher block chaining (CBC) mode that uses a 128-bit key.
camellia-cbc-192: Uses Camellia in CBC mode that uses a 192-bit key.
camellia-cbc-256: Uses Camellia in CBC mode that uses a 256-bit key.
des: Uses DES in CBC mode, which uses a 56-bit key.
Usage guidelines
In non-FIPS mode, you can configure ESP authentication, encryption, or both authentication and
encryption.