No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
esp encryption-algorithm

esp encryption-algorithm


The esp encryption-algorithm command specifies the encryption algorithm used by the ESP protocol.

The undo esp encryption-algorithm command configures the ESP protocol not to encrypt packets.

By default, ESP uses the AES-256 encryption algorithm.


esp encryption-algorithm [ 3des | des | aes-128 | aes-192 | aes-256 ]

undo esp encryption-algorithm






Indicates that ESP uses the 168-bit Triple Data Encryption Standard (3DES) encryption algorithm.



Indicates that ESP uses the 56-bit DES encryption algorithm.



Indicates that ESP uses the AES encryption algorithm. The AES algorithm uses a key of 128 bits in plain text.



Indicates that ESP uses the AES encryption algorithm. The AES algorithm uses a key of 192 bits in plain text.



Indicates that ESP uses the AES encryption algorithm. The AES algorithm uses a key of 256 bits in plain text.



IPSec proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The number of bits in the encryption algorithm is the length of the key. A larger key length indicates a more secure algorithm but a slower calculation speed.

The DES and 3DES algorithms are not recommended because they cannot meet your security defense requirements.

ESP supports the following encryption and authentication modes: both, encryption-only, authentication-only, and none. In the efficient VPN scenario, do not configure encryption or authentication algorithm for ESP when the remote device does not support IPSec encryption or authentication.


esp or ah-esp has been specified in the transform command.


The undo esp encryption-algorithm command configures ESP not to encrypt packets instead of restoring the default encryption algorithm. This command takes effect only when an encryption algorithm is used.

The ESP encryption algorithm and authentication algorithm cannot be kept blank simultaneously.

The IPSec proposals referenced by an IPSec policy on two ends of an IPSec tunnel must use the same encryption algorithm.


# Configure the IPSec proposal prop1 to use the ESP protocol and configure the ESP protocol to use the AES–256 encryption algorithm.

<Huawei> system-view
[Huawei] ipsec proposal prop1
[Huawei-ipsec-proposal-prop1] transform esp
[Huawei-ipsec-proposal-prop1] esp encryption-algorithm aes-256
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 134804

Downloads: 142

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next