No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
transform

transform

Function

The transform command specifies a security protocol used by an IPSec proposal.

The undo transform command restores the default security protocol used by an IPSec proposal.

By default, an IPSec proposal uses the ESP protocol.

Format

transform { ah | ah-esp | esp }

undo transform

Parameters

Parameter

Description

Value

ah

Indicates that the IPSec proposal uses the AH protocol.

-

ah-esp

Indicates that the IPSec proposal encapsulates packets through ESP, then through AH.

-

esp

Indicates that the IPSec proposal uses the ESP protocol.

-

Views

IPSec proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • When AH is specified, AH only authenticates packets.

    When AH is specified, by default, AH uses the MD5 authentication algorithm.

  • When ESP is specified, ESP can encrypt/authenticate, or encrypt and authenticate packets.

    When ESP is specified, ESP uses the MD5 authentication algorithm, the DES encryption algorithm.

  • When AH and ESP are specified, AH authenticates packets, and ESP can encrypt and authenticate packets. The device first encapsulates the ESP header, and then the AH header to packets. The device removes any AH header inserted before the ESP header.

    When AH and ESP are specified, by default, AH uses the MD5 authentication algorithm. ESP uses the MD5 authentication algorithm, the DES encryption algorithm.

AH prevents data tampering but cannot prevent data interception, so it applies only to the transmission of non-confidential data. ESP provides authentication service inferior to that of AH, but it can encrypt packet payloads.

Precautions

The IPSec proposals configured on both ends of an IPSec tunnel must use the same security protocol.

The MD5 and DES algorithms are not recommended because they cannot meet your security defense requirements.

Example

# Configure an IPSec proposal to use the AH protocol.

<Huawei> system-view
[Huawei] ipsec proposal newprop1
[Huawei-ipsec-proposal-newprop1] transform ah
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 48614

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next