2132 CHAPTER 140: IPSEC CONFIGURATION COMMANDS
undo esp encryption-algorithm
View IPSec proposal view
Parameter 3des: Uses triple DES (3DES) in cipher block chaining (CBC) mode as the
encryption algorithm. The 3DES algorithm uses a 168-bit key for encryption.
aes: Uses advanced encryption standard (AES) in CBC mode as the encryption
algorithm. The AES algorithm uses a 128-bit, 192-bit, or 256-bit key for
encryption.
key-length: Key length for the AES algorithm, which can be 128, 192, or 256
and defaults to 128. This argument is for AES only.
des: Uses data encryption standard (DES) in CBC mode as the encryption
algorithm. The DES algorithm uses a 56-bit key for encryption.
Description Use the esp encryption-algorithm command to specify the encryption
algorithm for ESP.
Use the undo esp encryption-algorithm command to configure ESP so that
ESP does not encrypt packets.
By default, the DES algorithm is used.
Note that:
■ 3DES is well suited for environments with high demand on confidentiality and
security, but it is comparatively slow in encryption. DES is enough to satisfy
normal security requirements.
■ ESP allows the encryption and/or authentication of a packet.
■ ESP supports three IP packet protection schemes: encryption only,
authentication only, or both encryption and authentication. The undo esp
encryption-algorithm command takes effect only if no authentication
algorithm is used.
Related command: ipsec proposal, esp authentication-algorithm, proposal, and transform.
Example # Configure IPSec proposal prop1 to use ESP and 3DES.
<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3des
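As an added example (not part of the manual), the following Python sketch resolves the effective ESP encryption setting of each IPSec proposal from the rules above: DES when nothing is configured, AES key length 128 when omitted, and no encryption after the undo form. The flagging policy, the function names and the sample session are assumptions of this example, and it assumes every proposal uses ESP.

```python
import re

# Flagging policy assumed by this example; the manual does not define one.
FLAGGED = {"des": "56-bit key", "3des": "64-bit block cipher, deprecated",
           "none": "ESP payload is not encrypted"}
PROMPT = re.compile(r"^\s*(?:<[^>]*>|\[[^\]]*\])\s*")  # <Sysname> / [Sysname-...]

def effective_esp_encryption(config_text):
    """Map each IPSec proposal name to its effective ESP encryption setting."""
    proposals, current = {}, None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words:
            continue
        if words[0] == "quit" or words[0].startswith("#"):
            current = None  # left the proposal view
        elif words[:2] == ["ipsec", "proposal"] and len(words) == 3:
            current = words[2]
            proposals.setdefault(current, "des")  # default per the manual
        elif current is None:
            continue
        elif words == ["undo", "esp", "encryption-algorithm"]:
            # Manual: only takes effect when no authentication algorithm is used.
            proposals[current] = "none"
        elif words[:2] == ["esp", "encryption-algorithm"] and len(words) >= 3:
            alg = words[2]
            if alg == "aes":  # key-length defaults to 128 when omitted
                alg = "aes-" + (words[3] if len(words) > 3 else "128")
            proposals[current] = alg
    return proposals

def audit(config_text):
    """Return (proposal, setting, reason) for each proposal the policy flags."""
    found = effective_esp_encryption(config_text)
    return [(n, a, FLAGGED[a]) for n, a in found.items() if a in FLAGGED]

# Constructed sample session in the style of the manual's example.
SAMPLE = """\
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3des
[Sysname-ipsec-proposal-prop1] quit
[Sysname] ipsec proposal prop2
[Sysname-ipsec-proposal-prop2] transform esp
[Sysname-ipsec-proposal-prop2] quit
[Sysname] ipsec proposal prop3
[Sysname-ipsec-proposal-prop3] esp encryption-algorithm aes 256
"""

print(audit(SAMPLE))
```

In the sample, prop2 never names an algorithm and is therefore reported with the default DES setting, which is the case most easily missed when reviewing a configuration by eye.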
ike-peer (IPSec policy view/IPSec policy template view)
Syntax ike-peer peer-name
undo ike-peer peer-name