The transform command configures the security protocol in a security proposal.
The undo transform command restores the default security protocol.
By default, the security protocol is the Encapsulating Security Payload (ESP) protocol, as defined in the corresponding RFC.
Parameter | Description | Value |
---|---|---|
ah | Configures Authentication Header (AH) as the security protocol. | - |
esp | Configures ESP as the security protocol. | - |
Usage Scenario
When AH is specified, AH only authenticates packets; it does not encrypt them.
When AH is specified, AH uses the SHA-256 authentication algorithm by default.
When ESP is specified, ESP can authenticate packets, encrypt packets, or both authenticate and encrypt them.
When ESP is specified, ESP uses the SHA-256 authentication algorithm and the AES-256 encryption algorithm by default.
AH prevents data tampering but cannot prevent data interception, because the packet payload is carried in cleartext, so it applies only to the transmission of non-confidential data. ESP provides an authentication service weaker than that of AH, because its integrity check does not cover the outer IP header whereas AH's does, but ESP can encrypt packet payloads.
Follow-up Procedure
Configure the authentication algorithm for AH when AH is used.
Configure the authentication and encryption algorithms for ESP when ESP is used.
Precautions
If the transform command is run more than once in the same security proposal, the latest configuration takes effect, and the authentication and encryption algorithms are reset to their default values, so any non-default algorithms must be configured again afterwards.
The IPSec proposals configured on both ends of an IPSec tunnel must use the same security protocol.
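The following configuration is an added illustration of the follow-up procedure and the precautions above; it is not taken from the product documentation. It configures an ESP proposal with explicit algorithms on both ends of a tunnel, then shows what happens when the security protocol of a proposal is changed afterwards. The proposal view name `ipsec proposal`, the follow-up commands `esp authentication-algorithm`, `esp encryption-algorithm` and `ah authentication-algorithm`, the keywords `sha2-256` and `aes-256`, the `display ipsec proposal` check and the proposal name `prop-site-a` are all assumed command syntax for this platform; the `#` lines are annotations, not CLI input.

```text
# Added example with assumed command syntax; not from the original page.

# --- Local end -------------------------------------------------------------
system-view
 ipsec proposal prop-site-a             # assumed view name and proposal name
  transform esp                         # ESP: authenticate and encrypt the payload
  esp authentication-algorithm sha2-256 # assumed keyword; equals the default, set explicitly
  esp encryption-algorithm aes-256      # assumed keyword; equals the default, set explicitly
 quit

# --- Peer end --------------------------------------------------------------
# Same security protocol (and, in practice, same algorithms) as the local end,
# as the precaution above requires.
system-view
 ipsec proposal prop-site-a
  transform esp
  esp authentication-algorithm sha2-256
  esp encryption-algorithm aes-256
 quit

# --- Changing the protocol later: order matters ----------------------------
# Running transform again in the same proposal makes the new protocol take
# effect and resets the algorithms to their defaults, so the algorithm
# commands must come AFTER the final transform command, and the peer's
# proposal must be changed the same way.
 ipsec proposal prop-site-a
  transform ah                          # switches to AH; earlier ESP algorithm settings are discarded
  ah authentication-algorithm sha2-256  # assumed keyword; reconfigure after transform, not before
 quit

# --- Check the result on both ends -----------------------------------------
display ipsec proposal prop-site-a      # assumed display command; compare protocol and algorithms
```

Compare the output of the display command on both devices before bringing the tunnel up: a proposal whose protocol or algorithms differ from the peer's is the usual cause of a failed negotiation after an edit to one side only.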