HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 256

esp authentication-algorithm Use esp authentication-algorithm to specify an authentication algorithm for ESP. Use undo esp authentication-algorithm to remove all authentication algorithms specified for ESP. Syntax In non-FIPS mode: esp authentication-algorithm { md5 | sha1 } * undo esp authentication-algorithm In FIPS mode: esp authentication-algorithm sha1 undo esp authentication-algorithm Default ESP does not use any authentication algorithms. Views IPsec transform set view Predefined user roles network-admin Parameters md5: Uses the HMAC-MD5 algorithm, which uses a 128-bit key. sha1: Uses the HMAC-SHA1 algorithm, which uses a 160-bit key. Usage guidelines In non-FIPS mode, you can specify multiple ESP authentication algorithms for one IPsec transform set, and the algorithm specified earlier has a higher priority. • For a manual IPsec policy, the first specified ESP authentication algorithm takes effect. To make sure an IPsec tunnel can be established successfully, the IPsec transform sets specified at both ends of the tunnel must have the same first ESP authentication algorithm. • For an IKE-based IPsec policy, the initiator sends the first ESP authentication algorithm specified in the IPsec transform set to the peer end during the negotiation phase, and the responder matches the received algorithm against its local algorithms until a match is found. To ensure a successful IKE negotiation, the IPsec transform sets specified at both ends of the tunnel must have at least one same ESP authentication algorithm. Examples # Configure the IPsec transform set tran1 to use HMAC-SHA1 algorithm as the ESP authentication algorithm with a 160-bit key. system-view [Sysname] ipsec transform-set tran1 [Sysname-ipsec-transform-set-tran1] esp authentication-algorithm sha1 Related commands ipsec transform-set 247