3Com 10014299 Network Router User Manual


 
568 CHAPTER 40: CONFIGURING IPSEC
Perform the following configurations in IPSec proposal view (or proposal view of
crypto card)
Table 638 Select Encryption Algorithm and Authentication Algorithm
By default, ESP protocol adopts des encryption algorithm and md5-hmac-96
authentication algorithm, and AH protocol adopts md5-hmac-96 authentication
algorithm.
The commands undo esp-new encryption-algorithm and undo esp-new
authentication-algorithm cannot be used at the same time. That is, ESP must
use at least one type of encryption algorithm or authentication algorithm.
Creating a Security
Policy
The following questions should be answered before a security policy is created:
Which data needs IPSec protection?
How long should the data stream be protected by SA?
What security policy will be used?
Is the security policy created manually or through IKE negotiation?
The following aspects require attention when a security policy is created:
To create a security policy, you must specify its negotiation mode. Once a
security policy is created, its negotiation mode cannot be modified. To create a
new security policy, the current one must be deleted. For example, a security
policy created with manual mode cannot be modified to a policy with isakmp
mode. To have the same policy with a different mode, you must delete the
policy then recreate it with a different mode.
Security policies with the same name together comprise a security policy group.
The name and the sequence number define a security policy uniquely, and a
security policy group can include at most 100 security policies. The security
policy with smaller sequence number in the same security policy group is of
Operation Command
Set the encryption algorithm adopted by
ESP protocol (applicable to IPSec software)
esp-new encryption-algorithm { 3des |
des | blowfish | cast | skipjack }
Set the encryption algorithm adopted by
ESP protocol (applicable to crypto card)
esp-new encryption-algorithm { 3des |
des | blowfish | cast | skipjack |
aes | qc5 }
Cancel the encryption algorithm adopted
by ESP protocol(applicable to IPSec
software and crypto card)
undo esp-new encryption-algorithm
Set the authentication algorithm adopted
by ESP protocol (applicable to IPSec
software and crypto card)
esp-new authentication-algorithm {
md5-hmac-96 | sha1-hmac-96 }
Cancel the authentication algorithm
adopted by ESP protocol (applicable to
IPSec software and crypto card)
undo esp-new
authentication-algorithm
Set the authentication algorithm adopted
by AH protocol (applicable to IPSec
software and crypto card)
ah-new authentication-algorithm {
md5-hmac-96 | sha1-hmac-96 }
Restore the authentication algorithm
adopted by AH protocol (applicable to
IPSec software and crypto card)
undo ah-new authentication-algorithm