Command Reference Guide
3Com Router 5000 Family and Router 6000 Family transform ● 301
Command Reference
transform
Purpose Use the transform command to set a security protocol used by a proposal.
Use the undo transform command to restore the default security protocol.
Syntax transform { ah | ah-esp | esp }
undo transform
Parameters ah
Uses AH protocol specified in RFC2402.
ah-esp
Uses ESP specified in RFC2406 to protect the packets
and then uses AH protocol specified in RFC2402 to
authenticate packets.
esp
Uses ESP specified in RFC2406.
Default By default, esp, that is, the ESP specified in RFC2406 is used.
Example Set a proposal using AH.
[3Com] ipsec proposal prop1
[3Com-ipsec-proposal-prop1] transform ah
View This command can be used in the following views:
■ IPSec Proposal view
Description If ESP is adopted, the default encryption algorithm is DES and the authentication
algorithm is MD5.
If AH is adopted, the default authentication algorithm is MD5.
If the parameter ah-esp is specified, the default authentication algorithm for AH is
MD5 and the default encryption algorithm for ESP is DES without authentication.
AH protocol provides data authentication, data integrity check and anti-replay
function.
ESP protocol provides data authentication, data integrity check, anti-replay function
and data encryption.
While establishing a SA manually, the proposals used by the ipsec policy set at both
ends of the security tunnel must be set as using the same security protocol.