Operation Manual - VPN
H3C SecPath F1800-A Firewall
Chapter 3 IPSec Configuration

Action                                                 Command
Select an authentication algorithm for ESP.            esp authentication-algorithm { md5 | sha1 }
Remove authentication algorithm from ESP.              undo esp authentication-algorithm
Select an authentication algorithm for AH.             ah authentication-algorithm { md5 | sha1 }
Restore the default authentication algorithm for AH.   undo ah authentication-algorithm

Through the ESP protocol, you can encrypt and authenticate packets at the same
time or separately.

Note:
The undo esp authentication-algorithm command does not restore the default
authentication algorithm; it sets the authentication algorithm to null, that is,
no authentication. When the authentication algorithm is already null, the undo esp
authentication-algorithm command is invalid.
The AH protocol does not support encryption; it can authenticate packets only.
The undo ah authentication-algorithm command restores the default
authentication algorithm (MD5) for the AH protocol.
The IPSec proposals applied to the IPSec policies on both ends of the tunnel should
be configured with the same authentication algorithm and encryption algorithm.

The default encryption algorithm and authentication algorithm for ESP are DES and
MD5 respectively.
The default authentication algorithm for AH is MD5.

IV. Selecting Packet Encapsulation Mode

A packet encapsulation mode should be specified for an IPSec proposal. IPSec
encapsulates IP packets in two modes: transport mode and tunnel mode.
Do as follows in IPSec proposal view.

Table 3-5 Selecting packet encapsulation mode

Action                                                         Command
Select a packet encapsulation mode for a security protocol.    encapsulation-mode { transport | tunnel }
Restore the default packet encapsulation mode.                 undo encapsulation-mode

Usually, the tunnel mode is applied between two security gateways (routers). A packet
encrypted by one security gateway can be decrypted only by the other security gateway.
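The following Python sketch is an added example, not part of the H3C manual or any H3C tool. It replays the authentication-algorithm commands listed on this page with the defaults and undo behaviour the Note describes (undo on ESP leaves no authentication, undo on AH returns to MD5) and compares the result on both tunnel ends. The command lists, function names and finding strings are constructed for illustration.

```python
import re

# Defaults stated on this page: MD5 for ESP authentication and for AH.
DEFAULT_AUTH = {"esp": "md5", "ah": "md5"}
CMD = re.compile(r"^(undo\s+)?(esp|ah)\s+authentication-algorithm(?:\s+(md5|sha1))?$")

def effective_auth(commands):
    """Replay IPSec proposal view commands; return the resulting algorithms."""
    state = dict(DEFAULT_AUTH)
    for raw in commands:
        m = CMD.match(raw.strip())
        if not m:
            continue  # other proposal-view commands are not modelled here
        undo, proto, algo = m.groups()
        if undo:
            # Asymmetry from the Note: ESP becomes null, AH returns to MD5.
            state[proto] = "null" if proto == "esp" else DEFAULT_AUTH["ah"]
        elif algo:
            state[proto] = algo
    return state

def audit(local_cmds, peer_cmds):
    """List mismatches between tunnel ends plus null or MD5 authentication."""
    local, peer = effective_auth(local_cmds), effective_auth(peer_cmds)
    findings = []
    for proto in ("esp", "ah"):
        if local[proto] != peer[proto]:
            findings.append(f"{proto}: mismatch local={local[proto]} peer={peer[proto]}")
        for side, state in (("local", local), ("peer", peer)):
            if state[proto] == "null":
                findings.append(f"{proto}: {side} has no authentication")
            elif state[proto] == "md5":
                findings.append(f"{proto}: {side} uses md5")
    return findings

# Constructed command histories for the two ends of one tunnel.
LOCAL = ["esp authentication-algorithm sha1", "ah authentication-algorithm sha1",
         "undo esp authentication-algorithm", "undo ah authentication-algorithm"]
PEER = ["esp authentication-algorithm sha1", "ah authentication-algorithm sha1"]

if __name__ == "__main__":
    for finding in audit(LOCAL, PEER):
        print(finding)
```
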