Command Reference Guide

3Com Router 5000 Family and Router 6000 Family esp authentication-algorithm ● 131

Command Reference

esp authentication-algorithm

Purpose Use the esp authentication-algorithm command to set the authentication

algorithm used by ESP.

Use the undo esp authentication-algorithm command to set ESP not to

authenticate packets.

Syntax esp authentication-algorithm { md5 | sha1 }

undo esp authentication-algorithm

Parameters md5

Use MD5 algorithm with the length of the key 128

bits.

sha1

Use SHA1 algorithm with the length of the key 160

bits.

Default By default, MD5 algorithm is used.

Example Set a proposal that adopts ESP, and uses SHA1.

[3Com] ipsec proposal prop1

[3Com-ipsec-proposal- prop1] transform esp

[3Com-ipsec-proposal- prop1] esp authentication-algorithm sha1

View This command can be used in the following views:

■ IPSec Proposal view

Description MD5 is faster than SHA1, while SHA1 is securer than MD5.

ESP permits a packet to be encrypted or authenticated or both.

The encryption and authentication algorithm used by ESP cannot be set to vacant at

the same time.

The undo esp authentication-algorithm command is not used to restore

the authentication algorithm to the default; instead it is used to set the

authentication algorithm to vacant, i.e. not authentication. When the encryption

algorithm is not vacant, the

undo esp authentication-algorithm

command is valid.

The proposal used by the ipsec policies set at both ends of the security tunnel must be

set as having the same authentication algorithm.