3com MSR 20-20 참조 매뉴얼
2132
C
HAPTER
140: IPS
EC
C
ONFIGURATION
C
OMMANDS
undo esp encryption-algorithm
View
IPSec proposal view
Parameter
3des: Uses triple DES (3DES) in cipher block chaining (CBC) mode as the
encryption algorithm. The 3DES algorithm uses a 168-bit key for encryption.
encryption algorithm. The 3DES algorithm uses a 168-bit key for encryption.
aes: Uses advanced encryption standard (AES) in CBC mode as the encryption
algorithm. The AES algorithm uses a 128- bit, 192-bit, or 256-bit key for
encryption.
algorithm. The AES algorithm uses a 128- bit, 192-bit, or 256-bit key for
encryption.
key-length: Key length for the AES algorithm, which can be 128, 192, and 256
and is defaulted to 128. This argument is for AES only.
and is defaulted to 128. This argument is for AES only.
des: Uses data encryption standard (DES) in CBC mode as the encryption
algorithm, The DES algorithm uses a 56-bit key for encryption.
algorithm, The DES algorithm uses a 56-bit key for encryption.
Description
Use the esp encryption-algorithm command to specify the encryption
algorithm for ESP.
algorithm for ESP.
Use the undo esp encryption-algorithm command to configure ESP so that
ESP does not encrypt packets.
ESP does not encrypt packets.
By default, the DES algorithm is used.
Note that:
■
3DES is well suited for environments with high demand on confidentiality and
security, but it is comparatively slow in encryption. DES is enough to satisfy
normal security requirements.
security, but it is comparatively slow in encryption. DES is enough to satisfy
normal security requirements.
■
ESP allows the encryption and/or authentication of a packet.
■
ESP supports three IP packet protection schemes: encryption only,
authentication only, or both encryption and authentication. The undo esp
encryption-algorithm command takes effect only if no authentication
algorithm is used.
authentication only, or both encryption and authentication. The undo esp
encryption-algorithm command takes effect only if no authentication
algorithm is used.
Related command:
Example
# Configure IPSec proposal prop1 to use ESP and 3DES.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3des
ike-peer (IPSec policy view/IPSec policy template view)
Syntax
ike-peer peer-name
undo ike-peer peer-name