No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Security Proposal

Configuring a Security Proposal

A security proposal can be configured to define the security protocol, authentication and encryption algorithms for protocol packets, and encapsulation mode.

Context

Before using Internet Protocol Security (IPsec) to authenticate and encrypt protocol packets, you must create a security proposal and define the security protocol type, authentication and encryption algorithms for protocol packets, and encapsulation mode in the security proposal.

The security protocols, authentication and encryption algorithms for protocol packets, and encapsulation modes must be the same on IPsec peers.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipsec proposal proposal-name

    A security proposal is created and the security proposal view is displayed.

  3. Run encapsulation-mode transport

    The protocol packet encapsulation mode is configured.

  4. (Optional) Run transform { ah | ah-esp | esp }

    A security protocol is configured.

  5. An authentication algorithm and an encryption algorithm are configured based on the selected security protocol.

    • When Authentication Header (AH) is configured, run the ah authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 } command to configure a corresponding authentication algorithm.

      NOTE:

      To ensure high security, do not use the MD5/SHA1 algorithm as the AH authentication algorithm.

    • When ESP is configured, run the esp authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 } command to configure a corresponding authentication algorithm.

      NOTE:

      To ensure high security, do not use the MD5/SHA1 algorithm as the ESP authentication algorithm.

    • When ESP is configured, run the esp encryption-algorithm { des | 3des | aes [ 128 | 192 | 256 ] } command to configure the ESP encryption algorithm.

      NOTE:

      To ensure high security, do not use the DES/3DES algorithm as the ESP encryption algorithm.

  6. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 19590

Downloads: 39

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next