3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IPsec Configuration Commands
undo transform
View
IPsec proposal view
Parameter
ah: Uses the AH protocol specified in RFC 2402.
ah-esp: Uses ESP as specified in RFC 2406 to protect the packets, and then uses the AH
protocol specified in RFC 2402 to authenticate the packets.
esp: Uses ESP as specified in RFC 2406.
Description
Use the transform command to set a security protocol used by a proposal.
Use the undo transform command to restore the default security protocol.
By default, esp is used, that is, the ESP protocol specified in RFC 2406.
If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.
If AH is adopted, the default authentication algorithm is MD5.
If the parameter ah-esp is specified, the default authentication algorithm for AH is
MD5 and the default encryption algorithm for ESP is DES, without ESP authentication.
The AH protocol provides data authentication, data integrity checking, and an anti-replay
function.
The ESP protocol provides data authentication, data integrity checking, an anti-replay
function, and data encryption.
When establishing an SA manually, the proposals used by the IPsec policies at
both ends of the security tunnel must use the same security protocol.
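The following added example (not from the 3Com guide) resolves the effective protocol and algorithms of a proposal from the defaults described above, then compares the two ends of a manually established SA and flags reliance on DES or MD5. Only the transform command and its keywords come from this page; the "ipsec proposal" header line, the algorithm commands and their values (3des, sha1) are assumed syntax, and both configuration snippets are constructed.

```python
# Assumed syntax: "ipsec proposal" header and "*-algorithm" lines; configs are constructed.
DEFAULTS = {  # documented defaults per transform keyword
    "esp": {"esp_enc": "des", "esp_auth": "md5"},
    "ah": {"ah_auth": "md5"},
    "ah-esp": {"ah_auth": "md5", "esp_enc": "des", "esp_auth": None},
}
OVERRIDES = {  # assumed command -> setting it changes
    "esp encryption-algorithm": "esp_enc",
    "esp authentication-algorithm": "esp_auth",
    "ah authentication-algorithm": "ah_auth",
}
WEAK = {"des", "md5"}
SITE_A = """ipsec proposal prop1
 transform esp
 esp encryption-algorithm 3des
 esp authentication-algorithm sha1
"""
SITE_B = """ipsec proposal prop1
 transform ah-esp
"""
def parse_proposals(text):
    """Return {proposal name: effective settings} with defaults filled in."""
    raw, name = {}, None
    for line in (l.strip() for l in text.splitlines()):
        words = line.split()
        if line.startswith("ipsec proposal ") and len(words) == 3:
            name = words[2]
            raw[name] = ("esp", {})  # esp is the default transform
        elif name and len(words) == 2 and words[0] == "transform" and words[1] in DEFAULTS:
            raw[name] = (words[1], raw[name][1])
        elif name and len(words) == 3 and " ".join(words[:2]) in OVERRIDES:
            raw[name][1][OVERRIDES[" ".join(words[:2])]] = words[2]
    out = {}
    for name, (transform, explicit) in raw.items():
        eff = dict(DEFAULTS[transform])
        # an explicit algorithm only applies if the transform uses that protocol
        eff.update({k: v for k, v in explicit.items() if k in eff})
        out[name] = {"transform": transform, **eff}
    return out

def audit(local, remote):
    """Findings for the proposal pair at the two ends of a manual SA."""
    findings = []
    if local["transform"] != remote["transform"]:
        findings.append(f"protocol mismatch: {local['transform']} vs {remote['transform']}")
    for side, p in (("local", local), ("remote", remote)):
        for key in ("esp_enc", "esp_auth", "ah_auth"):
            if p.get(key) in WEAK:
                findings.append(f"{side} {key}={p[key]} (weak)")
    return findings
```

Calling audit() on the prop1 entries parsed from SITE_A and SITE_B reports the protocol mismatch and the remote end's reliance on the DES and MD5 defaults.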
The following figure illustrates the data encapsulation formats of different security
protocols in the transport mode and the tunnel mode.
Figure 52 Data encapsulation formats of security protocols
"data" in the figure is the original IP datagram.