Esp Authentication-Algorithm - HP 3600 v2 Series Command Reference Manual

Use the undo encapsulation-mode command to restore the default.
By default, a security protocol encapsulates IP packets in tunnel mode.
IPsec for IPv6 routing protocols supports only the transport mode.
Related commands: ipsec proposal.
Examples
# Configure IPsec proposal prop2 to encapsulate IP packets in transport mode.
<Sysname> system-view
[Sysname] ipsec proposal prop2
[Sysname-ipsec-proposal-prop2] encapsulation-mode transport

esp authentication-algorithm

Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
View
IPsec proposal view
Default level
2: System level
Parameters
md5: Uses the MD5 algorithm, which uses a 128-bit key.
sha1: Uses the SHA1 algorithm, which uses a 160-bit key.
Description
Use the esp authentication-algorithm command to specify an authentication algorithm for ESP.
Use the undo esp authentication-algorithm command to configure ESP not to perform authentication on
packets.
By default, the MD5 algorithm is used.
Compared with SHA- 1 , MD5 is faster but less secure. MD5 is sufficient for most networks. To deploy a
highly secure network, use SHA- 1 .
ESP supports three IP packet protection schemes: encryption only, authentication only, or both encryption
and authentication. For ESP, you must specify an encryption algorithm, an authentication algorithm, or
both. The undo esp authentication-algorithm command takes effect only if one encryption algorithm is
specified for ESP.
Related commands: ipsec proposal, esp encryption-algorithm, proposal, and transform.
Examples
# Configure IPsec proposal prop1 to use ESP and specify SHA1 as the authentication algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp authentication-algorithm sha1
239