The esp encryption-algorithm command configures the encryption algorithm for the ESP protocol.
The undo esp encryption-algorithm command cancels the encryption algorithm for the ESP protocol.
By default, the ESP protocol uses the Advanced Encryption Standard-256 (AES-256) encryption algorithm.
Parameter | Description | Value |
---|---|---|
3des | Indicates that ESP uses the 3DES algorithm to encrypt packets. | - |
aes | Indicates that ESP uses the Advanced Encryption Standard (AES) algorithm in CBC mode to encrypt packets. If none of 128, 192, and 256 is configured, the AES 128-bit algorithm is used for ESP to encrypt packets. | - |
128 | Indicates that ESP uses the AES 128-bit algorithm to encrypt packets. | - |
192 | Indicates that ESP uses the AES 192-bit algorithm to encrypt packets. | - |
256 | Indicates that ESP uses the AES 256-bit algorithm to encrypt packets. | - |
Usage Scenario
IPSec can use the ESP protocol to authenticate and encrypt packets, preventing packets from being intercepted or modified. Run the esp encryption-algorithm command to configure the encryption algorithm for the ESP protocol.
Prerequisite
The protocol of this IPSec proposal has been configured to AH using the transform command.
Precautions
The encryption algorithms on both IPSec peers must be identical.
The authentication algorithm and encryption algorithm cannot be both set to NULL for ESP.
The system software does not support the des parameter. To use the des parameter, you need to install the WEAKEA plug-in. For higher security, you are advised to specify the aes [ 128 | 192 | 256 ] parameter.
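
The following Python check is an added example, not part of the vendor documentation. It resolves the ESP encryption algorithm actually in effect for a proposal using the defaults stated above, then flags peers whose algorithms differ and any use of 3des or des. The function names and the sample configuration text are assumptions constructed for illustration.

```python
import re

# Command form documented on this page; the optional key size follows "aes".
ESP_CMD = re.compile(
    r"^\s*esp\s+encryption-algorithm\s+(3des|des|aes)(?:\s+(128|192|256))?\s*$")
WEAK = {"3des", "des"}  # the page advises aes [ 128 | 192 | 256 ] instead


def effective_esp_encryption(config_text):
    """Return the ESP encryption algorithm in effect for one proposal."""
    algo = "aes-256"  # page: default when the command is not configured
    for line in config_text.splitlines():
        m = ESP_CMD.match(line)
        if m:
            name, bits = m.groups()
            # page: "aes" with no key size means AES-128, not the AES-256 default
            algo = f"aes-{bits or '128'}" if name == "aes" else name
    return algo


def audit_peers(local_cfg, remote_cfg):
    """Return findings for a pair of IPSec peers (empty list means no issue)."""
    local = effective_esp_encryption(local_cfg)
    remote = effective_esp_encryption(remote_cfg)
    findings = []
    if local != remote:  # page: algorithms on both peers must be identical
        findings.append(f"mismatch: local={local} remote={remote}")
    for side, algo in (("local", local), ("remote", remote)):
        if algo in WEAK:
            findings.append(f"weak: {side} uses {algo}")
    return findings


# Constructed sample inputs (not taken from a real device).
PEER_A = "esp encryption-algorithm aes\n"
PEER_B = "# no esp encryption-algorithm line, so the default applies\n"
PEER_C = "esp encryption-algorithm 3des\n"

if __name__ == "__main__":
    for finding in audit_peers(PEER_A, PEER_B) + audit_peers(PEER_C, PEER_C):
        print(finding)
```

The first pair shows the case that is easy to miss: one peer configured with aes and no key size resolves to AES-128, while a peer left at the default resolves to AES-256, so the two do not match.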