Default level
2: System level
Parameters
aes: Uses the Advanced Encryption Standard (AES) in CBC mode as the encryption algorithm. The AES
algorithm uses a 128- bit, 192-bit, or 256-bit key for encryption.
key-length: Key length for the AES algorithm, which can be 128, 192, and 256 and defaults to 128. This
argument is for AES only.
Description
Use the esp encryption-algorithm command to specify an encryption algorithm for ESP.
Use the undo esp encryption-algorithm command to configure ESP not to encrypt packets.
By default, AES- 1 28 is used.
You must use both ESP authentication and encryption.
For ESP, you must specify an encryption algorithm, an authentication algorithm, or both. The undo esp
encryption-algorithm command takes effect only if one authentication algorithm is specified for ESP.
Related commands: ipsec proposal, esp authentication-algorithm, proposal, and transform.
Examples
# Configure IPsec proposal prop1 to use ESP and specify AES as the encryption algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm aes
ike-peer (IPsec policy view)
Syntax
ike-peer peer-name
undo ike-peer peer-name
View
IPsec policy view
Default level
2: System level
Parameters
peer-name: IKE peer name, a string of 1 to 32 characters.
Description
Use the ike-peer command to reference an IKE peer in an IPsec policy configured through IKE
negotiation.
Use the undo ike peer command to remove the reference.
This command applies to only IKE negotiation mode.
Related commands: ipsec policy.
333