Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
By default, AH uses the MD5 authentication algorithm.
Step 5 (Optional) Run:
esp authentication-algorithm [ md5 | sha1 ]
The authentication algorithm used by ESP is specified.
By default, both ESP and AH use the MD5 authentication algorithm.
You can configure the authentication and encryption algorithms only after selecting a security
protocol using the transform command.
Step 6 (Optional) Run:
esp encryption-algorithm [ 3des | des | aes-128 | aes-192 | aes-256 ]
The encryption algorithm used by ESP is specified.
By default, ESP uses the DES encryption algorithm.
Step 7 (Optional) Run:
encapsulation-mode { transport | tunnel }
The packet encapsulation mode is configured.
By default, the tunnel mode is used.
----End
4.3.4 Configuring an IPSec Policy
After establishing an IPSec tunnel manually, configure an IPSec policy for the tunnel.
Context
When configuring SPI, string authentication key (string-key), hexadecimal authentication key
(authentication-hex), and hexadecimal encryption key (encryption-hex) on two ends of an
IPSec tunnel, ensure that the inbound parameters on the local end are the same as the outbound
parameters on the remote end, and the outbound parameters on the local end are the same as the
inbound parameters on the remote end.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ipsec policy policy-name seq-number manual
An IPSec policy is created.
Issue 01 (2012-03-15)
CAUTION
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
117
Advertisement
Table of Contents
