3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
376 CHAPTER 22: IPSEC CONFIGURATION COMMANDS
esp authentication-algorithm
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
View
IPsec proposal configuration view
Parameter
md5: Use the MD5 algorithm, with a key length of 128 bits.
sha1: Use the SHA1 algorithm, with a key length of 160 bits.
Description
Use the esp authentication-algorithm command to set the authentication
algorithm used by ESP.
Use the undo esp authentication-algorithm command to set ESP not to
authenticate packets.
By default, the MD5 algorithm is used.
MD5 is faster than SHA1, while SHA1 is more secure than MD5.
ESP permits a packet to be encrypted, authenticated, or both.
The encryption algorithm and the authentication algorithm used by ESP cannot both
be set to vacant at the same time.
The undo esp authentication-algorithm command does not restore the
authentication algorithm to the default; instead, it sets the authentication
algorithm to vacant, i.e. no authentication. The undo esp authentication-algorithm
command is valid only when the encryption algorithm is not vacant.
The proposals used by the IPsec policies at both ends of the security tunnel must
be set to the same authentication algorithm.
Related commands: ipsec proposal, esp encryption-algorithm, proposal,
sa encryption-hex, transform.
Example
# Set a proposal that adopts ESP, and uses SHA1.
[SecBlade_VPN] ipsec proposal prop1
[SecBlade_VPN-ipsec-proposal-prop1] transform esp
[SecBlade_VPN-ipsec-proposal-prop1] esp authentication-algorithm sha1
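The following Python script is an added example, not part of the original guide. It replays proposal commands using the semantics described above (MD5 by default, undo meaning no authentication, both algorithms never vacant together) and flags proposals that are unauthenticated, use MD5, or differ from the peer. Assumptions: the des encryption default, the behaviour of undo esp encryption-algorithm, matching proposals by name across the two ends, and the constructed sample configurations.

```python
import re

DEFAULTS = {"auth": "md5",  # stated on the page: MD5 is the default
            "enc": "des"}   # assumption: this section does not state the default

def effective_esp(config_text):
    """Replay proposal commands and return {proposal: {"auth": ..., "enc": ...}}."""
    proposals, cur = {}, None
    for raw in config_text.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())  # drop the CLI prompt
        m = re.fullmatch(r"ipsec proposal (\S+)", line)
        if m:
            cur = proposals.setdefault(m.group(1), dict(DEFAULTS))
        elif cur is None:
            continue
        elif m := re.fullmatch(r"esp authentication-algorithm (md5|sha1)", line):
            cur["auth"] = m.group(1)
        elif m := re.fullmatch(r"esp encryption-algorithm (3des|des|aes)", line):
            cur["enc"] = m.group(1)
        elif line == "undo esp authentication-algorithm" and cur["enc"]:
            cur["auth"] = None  # vacant, not a reset to the MD5 default
        elif line == "undo esp encryption-algorithm" and cur["auth"]:
            cur["enc"] = None   # assumption: mirrors the authentication rule
    return proposals

def audit(local_text, remote_text):
    """Return (proposal, finding) pairs; peers are matched by proposal name."""
    local, remote = effective_esp(local_text), effective_esp(remote_text)
    findings = []
    for name, esp in sorted(local.items()):
        if esp["auth"] is None:
            findings.append((name, "ESP packets are not authenticated"))
        elif esp["auth"] == "md5":
            findings.append((name, "MD5 in use (default or explicit)"))
        peer = remote.get(name)
        if peer and peer["auth"] != esp["auth"]:
            findings.append((name, f"peer mismatch: {esp['auth'] or 'none'} "
                                   f"vs {peer['auth'] or 'none'}"))
    return findings

# Constructed sample configurations (not taken from a real device).
LOCAL = """\
[SecBlade_VPN] ipsec proposal prop1
[SecBlade_VPN-ipsec-proposal-prop1] transform esp
[SecBlade_VPN-ipsec-proposal-prop1] esp authentication-algorithm sha1
[SecBlade_VPN-ipsec-proposal-prop1] undo esp authentication-algorithm
[SecBlade_VPN] ipsec proposal prop2
"""
REMOTE = "ipsec proposal prop1\n esp authentication-algorithm sha1\n"
print(audit(LOCAL, REMOTE))
```
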
esp encryption-algorithm
Syntax
esp encryption-algorithm { 3des | des | aes }
undo esp encryption-algorithm