HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 237

IPsec commands IPsec commands are supported only when the switch is operating in FIPS mode. For more information about FIPS mode, see Security Configuration Guide. ah authentication-algorithm Use ah authentication-algorithm to specify authentication algorithms for the AH protocol. Use undo ah authentication-algorithm to remove all specified authentication algorithms for the AH protocols. Syntax In non-FIPS mode: ah authentication-algorithm { md5 | sha1 } * undo ah authentication-algorithm In FIPS mode: ah authentication-algorithm sha1 undo ah authentication-algorithm Default AH does not use any authentication algorithm. Views IPsec transform set view Predefined user roles network-admin Parameters md5: Uses the HMAC-MD5 algorithm, which uses a 128-bit key. sha1: Uses the HMAC-SHA1 algorithm, which uses a 160-bit key. Usage guidelines In non-FIPS mode, you can specify multiple AH authentication algorithms for one IPsec transform set, and the algorithm specified earlier has a higher priority. • For a manual IPsec policy, the first specified AH authentication algorithm takes effect. To make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at both ends of the tunnel must have the same first AH authentication algorithm. • For an IKE-based IPsec policy, the initiator sends the first AH authentication algorithm specified in the IPsec transform set to the peer end during the negotiation phase, and the responder matches the received algorithm against its local algorithms until a match is found. To ensure a successful IKE negotiation, the IPsec transform sets specified at both ends of the tunnel must have at least one same AH authentication algorithm. 228