Table 8-20. Key Lengths for Standard Algorithms
Algorithm
Minimum Key Length in Bits
SHA
160
MD5
128
AES
• 128
• 192
• 256
DES
64
3DES
192
Configuring Crypto Maps for Manual IPSec
You define the IPSec SA in a crypto map entry. First create a crypto map entry
that uses manual keying:
Syntax: crypto map <mapname> <map index> [ipsec-ike | ipsec-manual]
For example:
ProCurve(config)# crypto map VPN 20 ipsec-manual
Specifying the Transform Set. Associate the crypto map entry with up to
six transform sets. Use this command, entered from the crypto map configu-
ration mode context:
Syntax: set transform-set <setname> [<setname2>] [<setname3>] [<setname4>]
[<setname5>] [<setname6>]
Defining the Keys. You then use the set session-key command to define
the keys that secure the IPSec SA. In this command, you specify:
1.
whether the key is for inbound or outbound traffic
2.
the key protocol (AH or ESP)
3.
SPI
4.
encryption key (for ESP)
5.
authentication key (optional for ESP)
Use the commands shown in Table 8-21 to configure the keys for the IPSec
SA. When you enter the key in HEX, do not enter the initial 0x for each
character.
Virtual Private Networks
Configuring a VPN Using IPSec
Minimum Key length in HEX
20
16
• 16
• 24
• 32
8
24
8-67