Table of Contents
Advertisement
By default, the setting is des, that is, data encryption standard algorithm is adopted.
This command is applicable to the IPSec module of the operating system and crypto
card.
Thereinto, des, 3des, blowfish, cast, and skipjack encryption algorithms are
applicable to the IPSec module of the operating system and crypto card. It means
that these algorithms can be used in IPSec proposal view and crypto card proposal
view. And aes and qc5 encryption algorithms are only applicable to crypto card. It
means that these two algorithms can be used in crypto card proposal view.
3des algorithm can meet the requirement of high confidentiality and security, but it is
comparatively slow. And other algorithms can satisfy the normal security
requirements.
ESP enables a packet to be encrypted and authenticated concurrently, or it enables
either of encryption or authentication. The encryption and authentication algorithms
used by ESP cannot be set to a vacant value at the same time. When not using
encryption algorithm, the system will automatically test whether ESP is using
authentication algorithm. If the authentication algorithm was not used, the system will
prompt the wrong indication information.
For related commands, see ipsec proposal, esp-new authentication-algorithm,
proposal, sa inbound/outbound, transform.
Example
# Configure 3des.
[3Com]ipsec proposal trans1
[3Com-ipsec-proposal-trans1]transform esp-new
[3Com-ipsec-proposal-trans1]esp-new encryption-algorithm 3des
4.1.25 ipsec card-proposal
Syntax
ipsec card-proposal proposal-name
undo ipsec card-proposal proposal-name
View
System view
Security
67
- Quick Links:
- Command Line Interface Commands
Hide quick links:
Advertisement
Chapters
Table of Contents
