Esp Authentication-Algorithm - HPE FlexNetwork HSR6800 Security Command Reference


Parameters
transport: Uses transport mode.
tunnel: Uses tunnel mode.
Usage guidelines
IPsec for IPv6 routing protocols supports only the transport mode.
When IPsec uses IKE to set up the IPsec tunnel, this command can be used only in IPsec transform set view.
Examples
# When IPsec uses IKE, configure IPsec transform set tran1 to use the transport encapsulation mode.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] encapsulation-mode transport
Related commands
ipsec transform-set

esp authentication-algorithm

Use esp authentication-algorithm to specify authentication algorithms for ESP.
Use undo esp authentication-algorithm to restore the default.
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
Default
In FIPS mode, ESP uses the SHA-1 authentication algorithm.
In non-FIPS mode, ESP uses no authentication algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
md5: Uses the MD5 algorithm, which uses a 128-bit key. This keyword is not supported in FIPS mode.
sha1: Uses the SHA-1 algorithm, which uses a 160-bit key.
Usage guidelines
Compared with SHA-1, MD5 is faster but less secure. MD5 is sufficient for most networks. To deploy a highly secure network, use SHA-1.
In non-FIPS mode, you must specify an encryption algorithm, an authentication algorithm, or both for ESP. In FIPS mode, you must specify both an encryption algorithm and an authentication algorithm for ESP. The undo esp authentication-algorithm command takes effect only if one or more encryption algorithms are specified for ESP.
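The following audit script is an added example, not part of the HPE reference. It applies the defaults and usage guidelines above to a saved configuration and reports transform sets whose ESP traffic would be unauthenticated or authenticated with MD5. It assumes each transform set uses ESP, and the `esp encryption-algorithm 3des` lines in the constructed sample are an assumption taken from the wider command set rather than from this page.

```python
import re

# Constructed sample in saved-configuration style (not from the page).
# "esp encryption-algorithm 3des" is an assumed command; this page documents only md5/sha1.
SAMPLE_CONFIG = """\
#
ipsec transform-set tran1
 encapsulation-mode transport
 esp encryption-algorithm 3des
#
ipsec transform-set tran2
 esp encryption-algorithm 3des
 esp authentication-algorithm md5
#
ipsec transform-set tran3
 encapsulation-mode tunnel
 esp encryption-algorithm 3des
 esp authentication-algorithm sha1
#
"""

def audit_transform_sets(config_text, fips_mode=False):
    """Return {transform_set_name: [findings]} for ESP authentication settings."""
    sets, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"ipsec transform-set (\S+)", line)
        if m:
            current = sets.setdefault(m.group(1), {"auth": None, "enc": False})
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the view
        elif current is not None:
            m = re.match(r"\s+esp authentication-algorithm (\S+)", line)
            if m:
                current["auth"] = m.group(1)
            elif re.match(r"\s+esp encryption-algorithm \S", line):
                current["enc"] = True
    findings = {}
    for name, s in sets.items():
        # Defaults from the page: SHA-1 in FIPS mode, no authentication otherwise.
        auth = s["auth"] or ("sha1" if fips_mode else None)
        issues = []
        if auth is None:
            issues.append("ESP has no authentication algorithm (non-FIPS default)")
        elif auth == "md5":
            issues.append("md5 configured: weaker than sha1, unsupported in FIPS mode")
        if auth is None and not s["enc"]:
            issues.append("neither ESP encryption nor authentication is specified")
        findings[name] = issues
    return findings
```

Call `audit_transform_sets()` on the text of a saved configuration; an empty list for a transform set means no finding under these rules.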