HP FlexNetwork MSR Series Command Reference Manual page 497
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
aes-cbc-192: Uses the AES algorithm in CBC mode, which uses a 192-bit key.
aes-cbc-256: Uses the AES algorithm in CBC mode, which uses a 256-bit key.
aes-ctr-128: Uses the AES algorithm in CTR mode, which uses a 128-bit key. This keyword is
available only for IKEv2.
aes-ctr-192: Uses the AES algorithm in CTR mode, which uses a 192-bit key. This keyword is
available only for IKEv2.
aes-ctr-256: Uses the AES algorithm in CTR mode, which uses a 256-bit key. This keyword is
available only for IKEv2.
camellia-cbc-128: Uses the Camellia algorithm in CBC mode, which uses a 128-bit key. This
keyword is available only for IKEv2.
camellia-cbc-192: Uses the Camellia algorithm in CBC mode, which uses a 192-bit key. This
keyword is available only for IKEv2.
camellia-cbc-256: Uses the Camellia algorithm in CBC mode, which uses a 256-bit key. This
keyword is available only for IKEv2.
des-cbc: Uses the DES algorithm in CBC mode, which uses a 64-bit key.
gmac-128: Uses the GMAC algorithm, which uses a 128-bit key. This keyword is available only for
IKEv2.
gmac-192: Uses the GMAC algorithm, which uses a 192-bit key. This keyword is available only for
IKEv2.
gmac-256: Uses the GMAC algorithm, which uses a 256-bit key. This keyword is available only for
IKEv2.
gcm-128: Uses the GCM algorithm, which uses a 128-bit key. This keyword is available only for
IKEv2.
gcm-192: Uses the GCM algorithm, which uses a 192-bit key. This keyword is available only for
IKEv2.
gcm-256: Uses the GCM algorithm, which uses a 256-bit key. This keyword is available only for
IKEv2.
null: Uses the NULL algorithm, which means encryption is not performed.
Usage guidelines
You can specify multiple ESP encryption algorithms for one IPsec transform set, and the algorithm
specified earlier has a higher priority.
For a manual or IKEv1-based IPsec policy, the first specified ESP encryption algorithm takes effect.
To make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at
both ends of the tunnel must have the same first ESP encryption algorithm.
GCM and GMAC algorithms are combined mode algorithms. GCM algorithms provide encryption
and authentication services. GMAC algorithms only provide authentication service. Combined mode
algorithms can be used only when ESP is used alone without AH. Combined mode algorithms
cannot be used together with ordinary ESP authentication algorithms.
Examples
# Configure the IPsec transform set tran1 to use aes-cbc-128 as the ESP encryption algorithm.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esp encryption-algorithm aes-cbc-128
Related commands
ipsec transform-set
479
Advertisement
