HP 7102dl - ProCurve Secure Router Configuration Manual page 560

Virtual Private Networks
Configuring a VPN Using IPSec
Transform Set Algorithm Types
Protocol
AH hash algorithm
ESP • encryption algorithm
• hash algorithm (optional, unless
encryption is not used)
AH and ESP • AH hash algorithm
• ESP encryption algorithm
• ESP hash algorithm (optional)
10-66
You must select at least one algorithm. You can select one each of an AH hash,
ESP encryption, or an ESP hash algorithm. (See Table 10-19.) For example,
enter:
ProCurve(config)# crypto ipsec transform-set T1 ah-md5-hmac esp-3des esp-sha-hmac
See "Transform Sets" on page 10-40 to learn more about transform sets.
Table 10-19. Transform Sets
The algorithms you choose determine the minimum length for the key that
defines the IPSec SA. For example, 3DES uses a 192-bit key. You will input the
key in HEX (rather than true ANSII). Table 10-20 displays the minimum key
lengths for various algorithms.
Algorithm Options (Most
Secure to Least Secure)
• SHA
• MD5
• encryption:
– AES (256-bit key)
– AES (192-bit)
– 3DES
– AES (128-bit)
– DES
– None
• hash:
– SHA
– MD5
• AH hash:
– SHA
– MD5
• ESP encryption:
– AES (256-bit key)
– AES (192-bit)
– 3DES
– AES (128-bit)
– DES
– None
• ESP hash:
– SHA
– MD5
Command Syntax
crypto ipsec transform-set
<setname> [ah-sha-hmac |
ah-md5-hmac]
crypto ipsec transform-set
<setname> [esp-aes-256-cbc |
esp-aes-192-cbc | esp-3des |
esp-aes-128-cbc | esp-des |
esp-null] [esp-sha-hmac |
esp-md5-hmac]
crypto ipsec transform-set
<setname> [ah-sha-hmac |
ah-md5-hmac] [esp-aes-256-
cbc | esp-aes-192-cbc | esp-
3des | esp-aes-128-cbc | esp-
des | esp-null] [esp-sha-hmac
esp-md5-hmac]