Manualshelf

3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
371372373374375376377378379380
IPsec Configuration Commands 377
View
IPsec proposal view
Parameter
des: Data Encryption Standard (DES), a universal encryption algorithm with the
length of the key being 56 bits.
3des: 3DES (Triple DES), another universal encryption algorithm with the length of
the key being 168 bits.
aes: AES (Advanced Encryption Standard), an encryption algorithm conforming to
the IETF standards. 128-, 192- and 256-bit key can be implemented on Comware.
Description
Use the esp encryption-algorithm command to set the encryption algorithm
adopted by ESP.
Use the undo esp encryption-algorithm command to set the ESP not to encrypt
packets.
By default, DES algorithm is used.
3DES can meet the requirement of high confidentiality and security, but it is
comparatively slow. And DES can satisfy the normal security requirements.
ESP permits a packet to be encrypted or authenticated or both.
The encryption and authentication methods used by ESP cannot be set to a vacant
value at the same time. The undo esp encryption-algorithm command can take
effect only if the authentication algorithm is not null.
Related command: ipsec proposal, esp authentication-algorithm, proposal,
sa encryption-hex and transform.
Example
# Set ESP to use 3DES.
[SecBlade_VPN] ipsec proposal prop1
[SecBlade_VPN-ipsec-proposal-prop1] transform esp
[SecBlade_VPN-ipsec-proposal-prop1] esp encryption-algorithm 3des
ike dpd Syntax
ike dpd dpd-name
undo ike dpd dpd-name
View
System view
Parameter
dpd-name: Name of dead peer detection (DPD) structure.