HP FlexNetwork 10500 Series Security Configuration Manual page 299

Step 4. Specify the security algorithms.

Command:

(In non-FIPS mode.) Specify the encryption algorithm for ESP:
esp encryption-algorithm { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des-cbc | gmac-128 | gmac-192 | gmac-256 | gcm-128 | gcm-192 | gcm-256 | null } *

(In FIPS mode.) Specify the encryption algorithm for ESP:
esp encryption-algorithm { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 | gmac-128 | gmac-192 | gmac-256 | gcm-128 | gcm-192 | gcm-256 } *

(In non-FIPS mode.) Specify the authentication algorithm for ESP:
esp authentication-algorithm { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *

(In FIPS mode.) Specify the authentication algorithm for ESP:
esp authentication-algorithm { sha1 | sha256 | sha384 | sha512 } *

(In non-FIPS mode.) Specify the authentication algorithm for AH:
ah authentication-algorithm { aes-xcbc-mac | md5 | sha1 | sha256 | sha384 | sha512 } *

(In FIPS mode.) Specify the authentication algorithm for AH:
ah authentication-algorithm { sha1 | sha256 | sha384 | sha512 } *

Remarks:

Configure at least one command.

By default, no security algorithm is specified.

You can specify security algorithms for a security protocol only when the security protocol is used by the transform set. For example, you can specify the ESP-specific security algorithms only when you select ESP or AH-ESP as the security protocol.

If you use ESP in FIPS mode, you must specify both the ESP encryption algorithm and the ESP authentication algorithm.

You can specify multiple algorithms by using one command, and the algorithm specified earlier has a higher priority.

The aes-ctr-128, aes-ctr-192, aes-ctr-256, camellia-cbc-128, camellia-cbc-192, camellia-cbc-256, gmac-128, gmac-192, gmac-256, gcm-128, gcm-192, and gcm-256 encryption algorithms and the aes-xcbc-mac, sha256, sha384, and sha512 authentication algorithms are available only for IKEv2.

Step 5. Specify the mode in which the security protocol encapsulates IP packets.

Command:

encapsulation-mode { transport | tunnel }

Remarks:

By default, the security protocol encapsulates IP packets in tunnel mode.

The transport mode applies only when the source and destination IP addresses of data flows match those of the IPsec tunnel.

IPsec for IPv6 routing protocols supports only the transport mode.
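
The rules in the remarks above (the FIPS-mode algorithm lists, the ESP requirement in FIPS mode, and the IKEv2-only algorithms) can be checked mechanically against a saved transform-set configuration. The Python audit below is an added example, not part of the HP manual; the function name, the `fips` and `ikev2` parameters, the sample configuration lines, and the rule that ESP counts as in use whenever an `esp` command is present are assumptions.

```python
# Added example: algorithm lists transcribed from the command table on this page.
SIZES = (128, 192, 256)
FIPS_ENC = {f"{a}-{k}" for a in ("aes-cbc", "aes-ctr", "gmac", "gcm") for k in SIZES}
FIPS_AUTH = {"sha1", "sha256", "sha384", "sha512"}
IKEV2_ONLY = {
    "enc": {f"{a}-{k}" for a in ("aes-ctr", "camellia-cbc", "gmac", "gcm") for k in SIZES},
    "auth": {"aes-xcbc-mac", "sha256", "sha384", "sha512"},
}
COMMANDS = {
    ("esp", "encryption-algorithm"): ("esp-enc", "enc"),
    ("esp", "authentication-algorithm"): ("esp-auth", "auth"),
    ("ah", "authentication-algorithm"): ("ah-auth", "auth"),
}

def audit_transform_set(lines, fips=False, ikev2=True):
    """Return findings for the algorithm commands of one transform set."""
    configured = {}  # "esp-enc" -> (kind, [algorithms, highest priority first])
    for raw in lines:
        tok = raw.split()
        entry = COMMANDS.get(tuple(tok[:2]))
        if entry and len(tok) > 2:
            configured[entry[0]] = (entry[1], tok[2:])
    findings = []
    if not configured:
        findings.append("no security algorithm specified (the default)")
    for name, (kind, algs) in configured.items():
        allowed = FIPS_ENC if kind == "enc" else FIPS_AUTH
        for alg in algs:
            if fips and alg not in allowed:
                findings.append(f"{name}: {alg} is not offered in FIPS mode")
            if not ikev2 and alg in IKEV2_ONLY[kind]:
                findings.append(f"{name}: {alg} is available only for IKEv2")
    # Assumption: ESP is treated as in use if any esp command is present.
    esp = [n for n in configured if n.startswith("esp-")]
    if fips and len(esp) == 1:
        findings.append("FIPS mode with ESP needs both encryption and authentication")
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = [
    "esp encryption-algorithm aes-cbc-256 3des-cbc",
    "esp authentication-algorithm sha256 md5",
    "encapsulation-mode tunnel",
]

if __name__ == "__main__":
    for finding in audit_transform_set(SAMPLE, fips=True, ikev2=False):
        print(finding)
```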
