The esp authentication-algorithm command configures the authentication algorithm for the ESP protocol.
The undo esp authentication-algorithm command cancels the authentication algorithm configured for the ESP protocol.
By default, the ESP protocol uses the Secure Hash Algorithm-256 (SHA2-256) authentication algorithm.
Parameter | Description | Value |
---|---|---|
sha1 | Specifies Secure Hash Algorithm-1 (SHA-1) as the authentication algorithm. SHA-1 generates a 160-bit message digest from a message of less than 2^64 bits. | - |
sha2-256 | Specifies SHA2-256 as the authentication algorithm. SHA2-256 generates a 256-bit message digest from a message of less than 2^64 bits. | - |
Usage Scenario
IPSec can use the ESP protocol to authenticate and encrypt packets, preventing packets from being intercepted or modified. Run the esp authentication-algorithm command to configure the authentication algorithm for the ESP protocol.
Prerequisite
The protocol of this IPSec proposal has been configured to AH using the transform command.
Precautions
The authentication algorithms on both IPSec peers must be identical.
The authentication algorithm and the encryption algorithm cannot both be set to NULL for ESP.
The system software does not support the md5 parameter. To use the md5 parameter, you need to install the WEAKEA plug-in. For higher security, you are advised to specify the sha2-256 parameter.
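
The precautions above can be checked offline against saved configurations of both peers. The following Python script is an added example, not vendor code: it assumes `ipsec proposal <name>` stanzas with indented sub-commands terminated by `#`, and that both peers use the same proposal names. The sample configurations are constructed.

```python
import re

DEFAULT_ALG = "sha2-256"   # page: default ESP authentication algorithm
WEAK = {"md5", "sha1"}     # page advises sha2-256; md5 needs the WEAKEA plug-in

def esp_auth_by_proposal(config_text):
    """Map proposal name -> ESP authentication algorithm for one device."""
    result, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ipsec proposal (\S+)", line)
        if m:
            current = m.group(1)
            result[current] = DEFAULT_ALG  # no explicit line: default applies
        elif line == "#" or not raw.startswith(" "):
            current = None                 # stanza ended (assumed layout)
        elif current:
            m = re.fullmatch(r"esp authentication-algorithm (\S+)", line)
            if m:
                result[current] = m.group(1)
    return result

def audit_peers(local_cfg, remote_cfg):
    """Return (proposal, finding) tuples for two peers' configurations."""
    local = esp_auth_by_proposal(local_cfg)
    remote = esp_auth_by_proposal(remote_cfg)
    findings = []
    for name in sorted(set(local) | set(remote)):
        a, b = local.get(name), remote.get(name)
        if a is None or b is None:
            findings.append((name, "missing-on-peer"))
            continue
        if a != b:  # peers must use identical authentication algorithms
            findings.append((name, f"mismatch:{a}/{b}"))
        for alg in sorted({a, b} & WEAK):
            findings.append((name, f"weak:{alg}"))
    return findings

# Constructed sample configurations (hypothetical proposal names).
LOCAL = ("ipsec proposal branch\n esp authentication-algorithm sha1\n#\n"
         "ipsec proposal core\n#\n")
REMOTE = ("ipsec proposal branch\n esp authentication-algorithm sha2-256\n#\n"
          "ipsec proposal core\n esp authentication-algorithm sha2-256\n#\n")

if __name__ == "__main__":
    for finding in audit_peers(LOCAL, REMOTE):
        print(*finding)
```

The `core` proposal produces no finding because the absent line on one peer resolves to the default, which matches the explicit sha2-256 on the other.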