3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
152 CHAPTER 10: IPSEC CONFIGURATION
Selecting security protocol
The security protocol must be specified in the IPsec proposal. AH and ESP are
currently the only two options. You can use AH, ESP, or both, but the choice
must be the same as that at the remote end of the security tunnel.
Perform the configuration in Table 130 in the IPsec proposal or card SA proposal
view.
By default, esp is used, that is, ESP as specified in RFC 2406.
Selecting security algorithm
Different security protocols may use different authentication and encryption
algorithms. Currently AH supports the MD5 and SHA-1 authentication algorithms,
while ESP supports the MD5 and SHA-1 authentication algorithms and the DES,
3DES and AES encryption algorithms.
Perform the configuration in Table 131 in the IPsec proposal or card SA proposal
view.
ESP can encrypt and authenticate a packet at the same time, encrypt it only, or
authenticate it only. Note that the undo esp authentication-algorithm command
does not restore the authentication method to the default. It sets the
authentication method to null, that is, it removes the authentication method.
When the encryption algorithm is null, the undo esp authentication-algorithm
command is invalid. The AH protocol has no encryption function and can only
authenticate packets. The undo ah authentication-algorithm command restores the
AH protocol default authentication method, md5. On both ends of the security
tunnel, the IPsec proposals referenced by the IPsec policy must be configured
with the same authentication method and encryption algorithm.
Table 130 Select security protocol

Operation                                            Command
Configure security protocol used by IPsec proposal   transform { ah | ah-esp | esp }
Restore default security protocol                    undo transform

Table 131 Select security algorithm

Operation                                             Command
Configure encryption algorithm used by ESP            esp encryption-algorithm { 3des | des | aes }
Configure ESP not to encrypt packets                  undo esp encryption-algorithm
Configure authentication method used by ESP           esp authentication-algorithm { md5 | sha1 }
Configure ESP not to authenticate packets             undo esp authentication-algorithm
Configure authentication method used by AH protocol   ah authentication-algorithm { md5 | sha1 }
Restore AH protocol default authentication method     undo ah authentication-algorithm
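
The undo behaviour and the both-ends matching rule described above can be checked offline before a proposal is deployed. The following Python is an added example, not part of the 3Com guide: it replays the commands from Tables 130 and 131 and compares the two tunnel ends. It assumes ESP starts at des/md5, which the page does not state, and its function and field names are hypothetical.

```python
# Added example: replays the proposal-view commands from Tables 130 and 131.
# ASSUMPTION: ESP starts at des/md5; the page does not state the ESP defaults.
ESP_START = {"esp_enc": "des", "esp_auth": "md5"}
ALLOWED = {
    "transform": ("transform", {"ah", "ah-esp", "esp"}),
    "esp encryption-algorithm": ("esp_enc", {"3des", "des", "aes"}),
    "esp authentication-algorithm": ("esp_auth", {"md5", "sha1"}),
    "ah authentication-algorithm": ("ah_auth", {"md5", "sha1"}),
}
# Constructed sample: the two ends of one tunnel (hypothetical configuration).
LOCAL = ["transform esp", "esp encryption-algorithm aes",
         "esp authentication-algorithm sha1"]
REMOTE = ["transform esp", "esp encryption-algorithm aes",
          "undo esp authentication-algorithm"]

def effective_proposal(commands, esp_start=ESP_START):
    """Return (settings, errors) after replaying the commands in order."""
    s = {"transform": "esp", "ah_auth": "md5", **esp_start}
    errors = []
    for line in commands:
        words = line.split()
        undo = bool(words) and words[0] == "undo"
        words = words[1:] if undo else words
        cmd = " ".join(words[:1] if words[:1] == ["transform"] else words[:2])
        if cmd not in ALLOWED:
            errors.append(f"unknown command: {line}")
            continue
        field, values = ALLOWED[cmd]
        if not undo:
            if words[-1] in values:
                s[field] = words[-1]
            else:
                errors.append(f"bad argument: {line}")
        elif field in ("transform", "ah_auth"):
            s[field] = "esp" if field == "transform" else "md5"  # back to default
        elif field == "esp_auth" and s["esp_enc"] is None:
            errors.append(f"invalid while encryption is null: {line}")
        else:
            s[field] = None  # ESP undo sets null, it does not restore a default
    return s, errors

def mismatches(local, remote):
    """Fields in use by either end whose values differ between the ends."""
    used = {"transform"}
    for end in (local, remote):
        parts = end["transform"].split("-")
        used |= {"ah_auth"} if "ah" in parts else set()
        used |= {"esp_enc", "esp_auth"} if "esp" in parts else set()
    return sorted(f for f in used if local[f] != remote[f])
```

With the constructed sample, the remote end has ESP authentication set to null while the local end uses sha1, so `mismatches` reports `esp_auth` as differing between the ends.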