ah-esp: Uses ESP first and then AH.
esp: Uses the ESP protocol.
Description
Use the transform command to specify a security protocol for an IPsec proposal.
Use the undo transform command to restore the default.
By default, the ESP protocol is used.
•
If AH is used, the default authentication algorithm is SHA1.
If ESP is used, the default encryption and authentication algorithms are AES- 1 28 and SHA1,
•
respectively.
If both AH and ESP are used, AH uses the SHA1 authentication algorithm by default, and ESP uses
•
the AES- 1 28 encryption algorithm and the SHA1 authentication algorithm by default.
The IPsec proposals at the two ends of an IPsec tunnel must use the same security protocol.
Related commands: ipsec proposal.
Examples
# Configure IPsec proposal prop1 to use AH.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform ah
tunnel local
Syntax
tunnel local ip-address
undo tunnel local
View
IPsec policy view
Default level
2: System level
Parameters
ip-address: Local address for the IPsec tunnel.
Description
Use the tunnel local command to configure the local address of an IPsec tunnel.
Use the undo tunnel local command to remove the configuration.
By default, no local address is configured for an IPsec tunnel.
The local address, if not configured, will be the address of the interface to which the IPsec policy is
applied.
Related commands: ipsec policy (system view).
Examples
# Set the local address of the IPsec tunnel to the address of Loopback 0, 10.0.0.1.
349