No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
esp encryption-algorithm

esp encryption-algorithm

Function

The esp encryption-algorithm command specifies the encryption algorithm used by the ESP protocol.

The undo esp encryption-algorithm command configures the ESP protocol not to encrypt packets.

By default, ESP uses the AES-256 encryption algorithm.

Format

esp encryption-algorithm [ 3des | des | aes-128 | aes-192 | aes-256 ]

undo esp encryption-algorithm

Parameters

Parameter

Description

Value

3des

Indicates that ESP uses the 168-bit Triple Data Encryption Standard (3DES) encryption algorithm.

-

des

Indicates that ESP uses the 56-bit DES encryption algorithm.

-

aes-128

Indicates that ESP uses the AES encryption algorithm. The AES algorithm uses a key of 128 bits in plain text.

-

aes-192

Indicates that ESP uses the AES encryption algorithm. The AES algorithm uses a key of 192 bits in plain text.

-

aes-256

Indicates that ESP uses the AES encryption algorithm. The AES algorithm uses a key of 256 bits in plain text.

-

Views

IPSec proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The number of bits in the encryption algorithm is the length of the key. A larger key length indicates a more secure algorithm but a slower calculation speed.

The DES and 3DES algorithms are not recommended because they cannot meet your security defense requirements.

ESP supports the following encryption and authentication modes: both, encryption-only, authentication-only, and none. In the efficient VPN scenario, do not configure encryption or authentication algorithm for ESP when the remote device does not support IPSec encryption or authentication.

Prerequisites

esp or ah-esp has been specified in the transform command.

Precautions

The undo esp encryption-algorithm command configures ESP not to encrypt packets instead of restoring the default encryption algorithm. This command takes effect only when an encryption algorithm is used.

The ESP encryption algorithm and authentication algorithm cannot be kept blank simultaneously.

The IPSec proposals referenced by an IPSec policy on two ends of an IPSec tunnel must use the same encryption algorithm.

Example

# Configure the IPSec proposal prop1 to use the ESP protocol and configure the ESP protocol to use the AES–256 encryption algorithm.

<Huawei> system-view
[Huawei] ipsec proposal prop1
[Huawei-ipsec-proposal-prop1] transform esp
[Huawei-ipsec-proposal-prop1] esp encryption-algorithm aes-256
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 49941

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next