3com MSR 20-20 참조 매뉴얼

C

HAPTER

 140: IPS

EC

 C

ONFIGURATION

 C

OMMANDS

IPSec proposal view

3des: Uses triple DES (3DES) in cipher block chaining (CBC) mode as the 
encryption algorithm. The 3DES algorithm uses a 168-bit key for encryption.

aes: Uses advanced encryption standard (AES) in CBC mode as the encryption 
algorithm. The AES algorithm uses a 128- bit, 192-bit, or 256-bit key for 
encryption.

key-length: Key length for the AES algorithm, which can be 128, 192, and 256 
and is defaulted to 128. This argument is for AES only.

des: Uses data encryption standard (DES) in CBC mode as the encryption 
algorithm, The DES algorithm uses a 56-bit key for encryption.

Use the esp encryption-algorithm command to specify the encryption 
algorithm for ESP.

Use the undo esp encryption-algorithm command to configure ESP so that 
ESP does not encrypt packets.

By default, the DES algorithm is used.

Note that:

■

3DES is well suited for environments with high demand on confidentiality and 
security, but it is comparatively slow in encryption. DES is enough to satisfy 
normal security requirements.

■

ESP allows the encryption and/or authentication of a packet.

■

ESP supports three IP packet protection schemes: encryption only, 
authentication only, or both encryption and authentication. The undo esp 
encryption-algorithm command takes effect only if no authentication 
algorithm is used.

ipsec proposal, esp authentication-algorithm, proposal, and transform.

# Configure IPSec proposal prop1 to use ESP and 3DES.

<Sysname> system-view

[Sysname] ipsec proposal prop1

[Sysname-ipsec-proposal-prop1] transform esp

[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3des 

ike-peer peer-name

undo ike-peer peer-name