Esp Encryption-Algorithm; Ipsec Policy - HP 3600 v2 Series Command Reference Manual

esp encryption-algorithm

Syntax
esp encryption-algorithm { 3des | aes [ key-length ] | des }
undo esp encryption-algorithm
View
IPsec proposal view
Default level
2: System level
Parameters
3des: Uses triple DES (3DES) in cipher block chaining (CBC) mode as the encryption algorithm. The
3DES algorithm uses a 168-bit key for encryption.
aes: Uses the Advanced Encryption Standard (AES) in CBC mode as the encryption algorithm. The AES
algorithm uses a 128- bit, 192-bit, or 256-bit key for encryption.
key-length: Key length for the AES algorithm, which can be 128, 192, and 256 and defaults to 128. This
argument is for AES only.
des: Uses the Data Encryption Standard (DES) in CBC mode as the encryption algorithm. The DES
algorithm uses a 56-bit key for encryption.
Description
Use the esp encryption-algorithm command to specify an encryption algorithm for ESP.
Use the undo esp encryption-algorithm command to configure ESP not to encrypt packets.
By default, the DES algorithm is used.
3DES provides high confidentiality and security, but it is slow in encryption. For a network that requires
moderate confidentiality and security, DES is sufficient.
ESP supports three IP packet protection schemes: encryption only, authentication only, or both encryption
and authentication. For ESP, you must specify an encryption algorithm, an authentication algorithm, or
both. The undo esp encryption-algorithm command takes effect only if one authentication algorithm is
specified for ESP.
Related commands: ipsec proposal, esp authentication-algorithm, proposal, and transform.
Examples
# Configure IPsec proposal prop1 to use ESP and specify 3DES as the encryption algorithm for ESP.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3des

ipsec policy

Syntax
ipsec policy policy-name seq-number [ manual ]
undo ipsec policy policy-name [ seq-number ]
240