H3C SecPath F1800-A Operation Manual page 528

Operation Manual - VPN
H3C SecPath F1800-A Firewall
Data source authentication
Data integrity authentication
Anti-replay
Data encryption
AH-ESP protocol offers both the functions of AH and ESP.
Do as follows in IPSec proposal view.
Table 3-3 Selecting security protocol
Select a security protocol for an IPSec
proposal.
Restore the default security protocol.
Note:
Before configuring the security algorithm, you must first select the security protocol
using the transform command.
For example, if you select the esp protocol, you can configure the security algorithm
only for ESP instead of configuring it for AH protocol.
III. Selecting Security Algorithm
Authentication algorithms vary with IPSec protocols, so do encryption algorithms.
So far, AH supports:
MD5 authentication algorithm
SHA-1 authentication algorithm
ESP supports:
MD5 authentication algorithm
SHA-1 authentication algorithm
DES encryption algorithm
3DES encryption algorithm
Do as follows in IPSec proposal view.
Table 3-4 Selecting security algorithm
Select an encryption algorithm for
ESP.
Remove
from ESP.
Action
Action
encryption algorithm
7-48
Chapter 3 IPSec Configuration
transform { ah | ah-esp | esp }
undo transform
Command
esp encryption-algorithm { 3des | des }
undo esp encryption-algorithm
Command