Cisco Packet Data Gateway (PDG) Troubleshooting Guide
IPSec Transform Set Configuration Mode Commands
Cisco ASR 5000 Series Command Line Interface Reference
OL-22948-01
hmac
Configures the IPsec ESP integrity algorithm.
Product
PDIF
Privilege
Security Administrator, Administrator
Syntax
Configures the default hmac value of sha1-96.
MD5-96 uses a 128-bit secret key and produces a 128-bit authenticator value.
SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value.
This is the default setting for this command.
Configures the hmac value to be null. The NULL encryption algorithm represents the optional use of
applying encryption within ESP. ESP can then be used to provide authentication and integrity without
confidentiality.
Usage
HMAC is a cryptographic technique used by IPsec to make sure that a message has not been altered.
A keyed-Hash Message Authentication Code, or HMAC, is a type of message authentication code (MAC)
calculated using a cryptographic hash function in combination with a secret key to verify both data integrity
and message authenticity. A hash takes a message of any size and transforms it into a message of a fixed size:
the authenticator value. This is truncated to 96 bits and transmitted. The authenticator value is reconstituted
by the receiver and the first 96 bits are compared for a 100 percent match.
Because RFC 4306 calls for interoperability between IPsec and IKEv2, the IKEv2 integrity algorithms must
be the same as those configured for IPsec in order for there to be an acceptable match during the IKE
message exchange.
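The following added example (not part of the Cisco reference) shows the truncate-and-compare step described above for both algorithms: the sender computes the full HMAC and transmits the first 96 bits, and the receiver recomputes it and compares. The function names are hypothetical, and the input is the RFC 2202 test case 1 message rather than a real ESP packet.

```python
import hmac

ICV_LEN = 12  # 96 bits: the truncated authenticator value that is transmitted

# Keyword -> (hash name, key length in bytes), per the option descriptions above.
ALGORITHMS = {
    "md5-96": ("md5", 16),    # 128-bit secret key
    "sha1-96": ("sha1", 20),  # 160-bit secret key
}


def compute_icv(algorithm: str, key: bytes, message: bytes) -> bytes:
    """Sender side: full HMAC over the message, truncated to the first 96 bits."""
    hash_name, key_len = ALGORITHMS[algorithm]
    if len(key) != key_len:
        raise ValueError(f"{algorithm} expects a {key_len * 8}-bit key")
    return hmac.new(key, message, hash_name).digest()[:ICV_LEN]


def verify_icv(algorithm: str, key: bytes, message: bytes, received: bytes) -> bool:
    """Receiver side: recompute the value and require all 96 bits to match."""
    if len(received) != ICV_LEN:
        return False  # a shortened or padded authenticator is never accepted
    expected = compute_icv(algorithm, key, message)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    key = bytes([0x0B]) * 20   # RFC 2202 test case 1 key for HMAC-SHA-1
    message = b"Hi There"      # RFC 2202 test case 1 data (not a real ESP packet)
    icv = compute_icv("sha1-96", key, message)
    print("transmitted authenticator:", icv.hex())
    print("intact message accepted:  ", verify_icv("sha1-96", key, message, icv))
    print("altered message accepted: ", verify_icv("sha1-96", key, b"Hi there", icv))
```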
Example
The following command configures the default HMAC value (SHA1-96):