R0106-HP MSR Router Series Security Command Reference(V7)
IPsec commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
By default, the device provides low encryption. To obtain high encryption, you must install the Strong
Cryptography feature license. This feature provides stronger cryptography, additional IPsec tunnels, and
higher encryption performance. For more information about obtaining the Strong Cryptography feature
license, see the release notes or contact your HP sales representative.
Support for features, commands, and parameters differs with the cryptography capability.
ah authentication-algorithm
Use ah authentication-algorithm to specify authentication algorithms for the AH protocol.
Use undo ah authentication-algorithm to remove all specified authentication algorithms for the AH
protocol.
Syntax
In non-FIPS mode:
ah authentication-algorithm { md5 | sha1 } *
undo ah authentication-algorithm
In FIPS mode:
ah authentication-algorithm sha1
undo ah authentication-algorithm
Default
AH does not use any authentication algorithm.
Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
md5: Uses the HMAC-MD5 algorithm, which uses a 128-bit key.
sha1: Uses the HMAC-SHA1 algorithm, which uses a 160-bit key.
Usage guidelines
In non-FIPS mode, you can specify multiple AH authentication algorithms for one IPsec transform set, and
the algorithm specified earlier has a higher priority.
For a manual or IKEv1-based IPsec policy, the first specified AH authentication algorithm takes effect. To
make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at both ends
of the tunnel must have the same first AH authentication algorithm.
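The following audit script is an added example, not part of the HP reference. It checks the rule above for a manual or IKEv1-based policy by comparing the first AH authentication algorithm in saved configurations from both tunnel ends, and it reports algorithms outside the syntax listed for the chosen mode. It assumes transform sets are opened with "ipsec transform-set <name>", that view sub-commands are indented, and that both ends use the same transform set name; the sample configurations and the names parse_transform_sets and audit_pair are constructed for illustration.

```python
import re

# Algorithms accepted by "ah authentication-algorithm" in each mode, per the Syntax section.
ALLOWED = {"non-fips": {"md5", "sha1"}, "fips": {"sha1"}}

_TS = re.compile(r"^ipsec transform-set\s+(\S+)\s*$")  # assumed view-entry line
_AH = re.compile(r"^\s+ah authentication-algorithm\s+(.+?)\s*$")

def parse_transform_sets(config):
    """Return {transform set name: [AH algorithms in configured (priority) order]}."""
    sets, current = {}, None
    for line in config.splitlines():
        m = _TS.match(line)
        if m:
            current = m.group(1)
            sets[current] = []
        elif not line[:1].isspace():
            current = None  # any other non-indented line leaves the view
        elif current is not None:
            m = _AH.match(line)
            if m:
                sets[current] = m.group(1).split()
    return sets

def audit_pair(local, remote, mode="non-fips"):
    """Compare same-named transform sets from the two tunnel ends."""
    findings = []
    a, b = parse_transform_sets(local), parse_transform_sets(remote)
    for name in sorted(a.keys() & b.keys()):
        for side, algs in (("local", a[name]), ("remote", b[name])):
            bad = [x for x in algs if x not in ALLOWED[mode]]
            if bad:
                findings.append(f"{name} ({side}): {','.join(bad)} not accepted in {mode} mode")
        first_a = a[name][0] if a[name] else None
        first_b = b[name][0] if b[name] else None
        if first_a != first_b:  # the first algorithm is the one that takes effect
            findings.append(f"{name}: first AH algorithm differs ({first_a} vs {first_b})")
    return findings

# Constructed sample configurations: same algorithms, different order.
LOCAL = "ipsec transform-set tran1\n ah authentication-algorithm sha1 md5\n#\n"
REMOTE = "ipsec transform-set tran1\n ah authentication-algorithm md5 sha1\n#\n"

if __name__ == "__main__":
    for finding in audit_pair(LOCAL, REMOTE):
        print(finding)
```
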










