Parameters
transport: Uses transport mode.
tunnel: Uses tunnel mode.
Usage guidelines
IPsec for IPv6 routing protocols supports only the transport mode.
When IPsec uses IKE to set up the IPsec tunnel, this command can be used only in IPsec transform set view.
Examples
# When IPsec uses IKE, configure IPsec transform set tran1 to use the transport encapsulation mode.
<Sysname> system-view
[Sysname] ipsec transform-set tran1
[Sysname-ipsec-transform-set-tran1] encapsulation-mode transport
Related commands
ipsec transform-set
esp authentication-algorithm
Use esp authentication-algorithm to specify authentication algorithms for ESP.
Use undo esp authentication-algorithm to restore the default.
Syntax
esp authentication-algorithm { md5 | sha1 }
undo esp authentication-algorithm
Default
In FIPS mode, ESP uses the SHA-1 authentication algorithm.
In non-FIPS mode, ESP uses no authentication algorithm.
Views
IPsec transform set view
Default command level
2: System level
Parameters
md5: Uses the MD5 algorithm, which uses a 128-bit key. This keyword is not supported in FIPS mode.
sha1: Uses the SHA-1 algorithm, which uses a 160-bit key.
Usage guidelines
Compared with SHA-1, MD5 is faster but less secure. MD5 is sufficient for most networks. To deploy
a highly secure network, use SHA-1.
In non-FIPS mode, you must specify an encryption algorithm, an authentication algorithm, or both for ESP. In FIPS mode, you must specify both an encryption algorithm and an authentication algorithm for ESP. The undo esp authentication-algorithm command takes effect only if one or more encryption algorithms are specified for ESP.
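The defaults and FIPS rules above can be checked against a saved configuration. The following script is an added example, not part of the original manual: the sample configuration is constructed, and the "esp encryption-algorithm" lines with their keywords are assumed to appear in the configuration in that form.

```python
import re

# Constructed sample in the style of a saved configuration (not from the manual).
SAMPLE_CONFIG = """\
ipsec transform-set tran1
 encapsulation-mode transport
 esp encryption-algorithm aes-cbc-128
 esp authentication-algorithm sha1
#
ipsec transform-set tran2
 esp encryption-algorithm 3des
#
ipsec transform-set tran3
 esp authentication-algorithm md5
#
"""

def parse_transform_sets(text):
    """Return {name: {"enc": bool, "auth": "md5" | "sha1" | None}}."""
    sets, current = {}, None
    for line in text.splitlines():
        m = re.match(r"ipsec transform-set (\S+)\s*$", line)
        if m:
            current = sets.setdefault(m.group(1), {"enc": False, "auth": None})
        elif not line.startswith(" "):
            current = None  # '#' or any other top-level line ends the view
        elif current is not None:
            words = line.split()
            if words[:2] == ["esp", "encryption-algorithm"]:
                current["enc"] = True
            elif words[:2] == ["esp", "authentication-algorithm"] and len(words) > 2:
                current["auth"] = words[2]
    return sets

def audit(text, fips=False):
    """Return (transform set, finding) pairs for the given device mode."""
    findings = []
    for name, ts in parse_transform_sets(text).items():
        auth = ts["auth"] or ("sha1" if fips else None)  # per-mode default
        if fips and not ts["enc"]:
            findings.append((name, "FIPS mode requires an ESP encryption algorithm"))
        if fips and auth == "md5":
            findings.append((name, "md5 is not supported in FIPS mode"))
        if not fips and auth is None:
            findings.append((name, "ESP has no authentication algorithm (non-FIPS default)"))
        if not fips and auth == "md5":
            findings.append((name, "md5 selected; sha1 is the more secure option"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports tran2 and tran3 in non-FIPS mode; with fips=True only tran3 is reported, because the SHA-1 default covers tran2.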