Esp Encryption-Algorithm - HPE FlexNetwork HSR6800 Security Command Reference

Examples
# Configure IPsec transform set prop1 to use ESP and specify SHA-1 as the authentication
algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] transform esp
[Sysname-ipsec-transform-set-prop1] esp authentication-algorithm sha1
Related commands
•
ipsec transform-set
•

esp encryption-algorithm

esp encryption-algorithm
Use esp encryption-algorithm to specify encryption algorithms for ESP.
Use undo esp encryption-algorithm to restore the default.
Syntax
esp encryption-algorithm { 3des | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des }
undo esp encryption-algorithm
Default
In FIPS mode, ESP uses the AES-128 encryption algorithm.
In non-FIPS mode, ESP uses no encryption algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
3des: Uses the triple Data Encryption Standard (3DES) in CBC mode, which uses a 168-bit key. This
keyword is not supported in FIPS mode.
aes-cbc-128: Uses the Advanced Encryption Standard (AES) in CBC mode that uses a 128- bit key.
aes-cbc-192: Uses AES in CBC mode that uses a 192-bit key.
aes-cbc-256: Uses AES in CBC mode that uses a 256-bit key.
des: Uses the DES in cipher block chaining (CBC) mode, which uses a 56-bit key. This keyword is
not supported in FIPS mode.
Usage guidelines
ESP supports three IP packet protection schemes: encryption only, authentication only, or both
encryption and authentication. In non-FIPS mode, you must specify an encryption algorithm, an
authentication algorithm, or both for ESP. In FIPS mode, you must specify both an encryption
algorithm and an authentication algorithm for ESP. The undo esp encryption-algorithm command
takes effect only if one or more authentication algorithms are specified for ESP.
Examples
# Configure IPsec transform set prop1 to use ESP and specify 3DES as the encryption algorithm for
ESP.
<Sysname> system-view
273