2150
C
140: IPS
HAPTER
EC
transform
Syntax
View
Parameter
Description
Related command:
Example
tunnel local
Syntax
View
Parameter
C
C
ONFIGURATION
OMMANDS
transform { ah | ah-esp | esp }
undo transform
IPSec proposal view
ah: Uses the AH protocol.
ah-esp: Uses ESP first and then AH.
esp: Uses the ESP protocol.
Use the
transform
proposal.
Use the
undo transform
By default, the ESP protocol is used.
Note that:
If ESP is used, the default encryption and authentication algorithms are DES
■
and MD5 respectively.
If AH is used, the default authentication algorithm is MD5.
■
If both AH and ESP are used, AH takes the authentication algorithm of MD5 by
■
default, while ESP takes the encryption algorithm of DES and uses no
authentication algorithm by default.
The IPSec proposals at the two ends of an IPSec tunnel must use the same
■
security protocol.
ipsec proposal.
# Configure IPSec proposal prop1 to use AH.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform ah
tunnel local ip-address
undo tunnel local
IPSec policy view
ip-address: Local address for the IPSec tunnel.
command to specify the security protocol for an IPSec
command to restore the default.