3Com 3C13636 Configuration Manual page 1116

3Com Router 3000 Ethernet Family
Configuration Guide
III. Selecting packet encapsulation mode
You MUST specify encapsulation mode in a security proposal. In addition, the same
encapsulation mode MUST be adopted at the two ends of a security tunnel.
Perform the following configurations in IPSec proposal or card SA proposal view.
Table 7-3 Select a packet encapsulation mode
Set the IP datagram encapsulation mode
adopted by the security protocol.
Restore the default encapsulation mode.
Normally, tunnel mode is always adopted between two security GWs (routers).
Transport mode is always preferred, however, with respect to the communication
between two hosts or between a host and a security GW (for example, in the network
management communication between a GW workstation and a router, the security GW
is the receiving host relative to the GW data).
By default, tunnel mode is adopted.
IV. Selecting security protocol
The security protocol needs specifying in the IPSec proposal and by far AH and ESP
are the only two options. You are allowed to use AH, ESP, or both, but the choice must
be the same as that at the remote end of the security tunnel.
Perform the following configuration in the IPSec proposal or card SA proposal view.
Table 7-4 Select security protocol
Configure security protocol used by
IPSec proposal
Restore default security protocol
By default, esp (defined by RFC 2406) applies.
V. Selecting security algorithm
Different security protocols may use different authentication and encryption algorithms.
Currently AH supports the MD5 and SHA-1 authentication algorithms, while ESP
supports the MD5 and SHA-1 authentication algorithms and the DES, 3DES and AES
encryption algorithms.
Perform the following configuration in the IPSec proposal or card SA proposal view.
Operation
Operation
3Com Corporation
7-12
Chapter 7 IPSec Configuration
Command
encapsulation-mode { transport |
tunnel }
undo encapsulation-mode
Command
transform { ah | ah-esp | esp }
undo transform