Cisco Cisco Packet Data Gateway (PDG)
IPSec Transform Set Configuration Mode Commands
▀ hmac
▄ Command Line Interface Reference, StarOS Release 17
6548
hmac
Configures the IPsec ESP integrity algorithm using a Hash-based Message Authentication Code (HMAC).
Product
ePDG
PDIF
SCM
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > IPSec Transform Set Configuration
configure > context context_name > ipsec transform-set set_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-context-vrf)#
Syntax
hmac { aes-xcbc-96 | md5-96 | none| null
default hmac
default hmac
Sets the default IPSec hashing algorithm to SHA1-96.
aes-xcbc-96
AES-XCBC-96 uses a 128-bit secret key and produces a 128-bit authenticator value.
md5-96
MD5-96 uses a 128-bit secret key and produces a 128-bit authenticator value.
null
Configures the HMAC value to be null. The NULL encryption algorithm represents the optional use of
applying encryption within ESP. ESP can then be used to provide authentication and integrity without
confidentiality.
applying encryption within ESP. ESP can then be used to provide authentication and integrity without
confidentiality.
sha1-96
SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value. This is the default setting for this
command.
command.
Usage
HMAC is an encryption technique used by IPsec to make sure that a message has not been altered.
A keyed-Hash-based Message Authentication Code (HMAC), is a type of message authentication code that is
calculated using a cryptographic hash function in combination with a secret key to verify both data integrity
A keyed-Hash-based Message Authentication Code (HMAC), is a type of message authentication code that is
calculated using a cryptographic hash function in combination with a secret key to verify both data integrity