H3C S6550X-HI Series Command Reference Manual page 2249

Views
IPsec transform set view
Predefined user roles
network-admin
Parameters
aes-xcbc-mac
keyword is available only for IKEv2.
: Specifies the HMAC-MD5-96 algorithm, which uses a 128-bit key.
md5
: Specifies the HMAC-SHA1-96 algorithm, which uses a 160-bit key.
sha1
: Specifies the HMAC-SHA256 algorithm, which uses a 256-bit key.
sha256
: Specifies the HMAC-SHA384 algorithm, which uses a 384-bit key.
sha384
: Specifies the HMAC-SHA512 algorithm, which uses a 512-bit key.
sha512
Usage guidelines
You can specify multiple ESP authentication algorithms for one IPsec transform set, and the
algorithm specified earlier has a higher priority.
For a manual or IKEv1-based IPsec policy, the first specified ESP authentication algorithm takes
effect. To make sure an IPsec tunnel can be established successfully, the IPsec transform sets
specified at both ends of the tunnel must have the same first ESP authentication algorithm.
Examples
# Configure IPsec transform set tran1 to use the HMAC-SHA1 algorithm as the ESP authentication
algorithm.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] esp authentication-algorithm sha1
Related commands
ipsec transform-set
esp encryption-algorithm
Use
esp encryption-algorithm
Use
undo esp encryption-algorithm
Syntax
In non-FIPS mode:
esp encryption-algorithm { 3des-cbc | aes-cbc-128 | aes-cbc-192 |
aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 | camellia-cbc-128 |
camellia-cbc-192 | camellia-cbc-256 | des-cbc | gmac-128 | gmac-192 |
gmac-256 | gcm-128 | gcm-192 | gcm-256 | null } *
undo esp encryption-algorithm
Default
ESP does not use any encryption algorithms.
Views
IPsec transform set view
: Specifies the HMAC-AES-XCBC-96 algorithm, which uses a 128-bit key. This
to specify encryption algorithms for ESP.
to restore the default.
24