Cisco Cisco ASR 5000
IPSec Transform Set Configuration Mode Commands
hmac ▀
Command Line Interface Reference, StarOS Release 18 ▄
6653
hmac
Configures the IPsec ESP integrity algorithm using a Hash-based Message Authentication Code (HMAC).
Product
ePDG
PDIF
SCM
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > IPSec Transform Set Configuration
configure > context context_name > ipsec transform-set set_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-context-vrf)#
Syntax
hmac { aes-xcbc-96 | md5-96 | none| null | sha1-96 | sha2-256-128 | sha2-384-192 | sha2-
512-256 }
512-256 }
default hmac
default hmac
Sets the default IPSec hashing algorithm to SHA1-96.
aes-xcbc-96
AES-XCBC-96 uses a 128-bit secret key and produces a 128-bit authenticator value.
md5-96
MD5-96 uses a 128-bit secret key and produces a 128-bit authenticator value.
none
Sets the IPsec hashing algorithm to none. Used with OpenSSL AEAD algorithms.
null
Configures the HMAC value to be null. The NULL encryption algorithm represents the optional use of
applying encryption within ESP. ESP can then be used to provide authentication and integrity without
confidentiality.
applying encryption within ESP. ESP can then be used to provide authentication and integrity without
confidentiality.
sha1-96
SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value. This is the default setting for this
command.
command.