The ah authentication-algorithm command configures the authentication algorithm for Authentication Header (AH).
The undo ah authentication-algorithm command restores the default authentication algorithm for AH.
By default, the authentication algorithm for AH is SHA2-256.
Parameter | Description | Value |
---|---|---|
md5 | Configures Message Digest 5 (MD5) as the authentication algorithm for AH. To ensure high security, do not use the MD5 algorithm as the AH authentication algorithm. | - |
sha1 | Configures Secure Hash Algorithm-1 (SHA-1) as the authentication algorithm for AH. To ensure high security, do not use the SHA-1 algorithm as the AH authentication algorithm. | - |
sha2-256 | Configures SHA2-256 as the authentication algorithm for AH. | - |
sha2-384 | Configures SHA2-384 as the authentication algorithm for AH. | - |
sha2-512 | Configures SHA2-512 as the authentication algorithm for AH. | - |
Usage Scenario
AH is used to prevent protocol packets from being intercepted or modified and to implement origin authentication during protocol packet transmission. AH runs a hash algorithm on both the sending and receiving parties to check protocol packet integrity and authenticity.
AH currently supports the MD5, SHA-1, SHA2-256, SHA2-384, and SHA2-512 authentication algorithms. MD5 is faster than SHA-1, but is less secure.
Prerequisites
The transform command has been configured to select AH before the authentication algorithm for AH is configured.
Precautions
The authentication algorithms on both IPsec peers must be identical.
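The following added example (not part of the original command reference or the vendor's code) models the sender and receiver checks described under Usage Scenario and shows why the peers must use identical algorithms. It assumes the standard IPsec HMAC transforms and ICV truncation lengths (RFC 2403, RFC 2404, RFC 4868); the key, the packet bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac

# CLI keyword -> (hash constructor, ICV length in bytes).
# Assumption: the device uses the standard IPsec HMAC transforms, which
# truncate the HMAC output to these lengths (RFC 2403, 2404, 4868).
AH_ALGORITHMS = {
    "md5": (hashlib.md5, 12),
    "sha1": (hashlib.sha1, 12),
    "sha2-256": (hashlib.sha256, 16),
    "sha2-384": (hashlib.sha384, 24),
    "sha2-512": (hashlib.sha512, 32),
}
DISCOURAGED = {"md5", "sha1"}  # the keywords the parameter table warns against


def compute_icv(algorithm, key, protected_bytes):
    """Sender side: keyed hash over the protected bytes, truncated to the ICV."""
    digestmod, icv_len = AH_ALGORITHMS[algorithm]
    return hmac.new(key, protected_bytes, digestmod).digest()[:icv_len]


def receiver_accepts(algorithm, key, protected_bytes, received_icv):
    """Receiver side: recompute the ICV and compare in constant time."""
    expected = compute_icv(algorithm, key, protected_bytes)
    return hmac.compare_digest(expected, received_icv)


def simulate(sender_alg, receiver_alg, key, packet, tamper=False):
    """Send one packet between two peers; optionally flip one bit in transit."""
    icv = compute_icv(sender_alg, key, packet)
    if tamper:
        packet = packet[:-1] + bytes([packet[-1] ^ 0x01])
    return receiver_accepts(receiver_alg, key, packet, icv)


if __name__ == "__main__":
    key = bytes(range(32))              # constructed sample key
    packet = b"constructed protocol packet"  # stands in for the fields AH covers
    print("matching sha2-256:", simulate("sha2-256", "sha2-256", key, packet))
    print("modified in transit:", simulate("sha2-256", "sha2-256", key, packet, True))
    print("sha2-256 vs sha2-384:", simulate("sha2-256", "sha2-384", key, packet))
    print("md5 vs sha1 (same ICV length):", simulate("md5", "sha1", key, packet))
    print("discouraged:", sorted(DISCOURAGED))
```

Real AH computes the ICV over the immutable IP header fields, the AH header with the ICV field zeroed, and the payload; the single byte string here stands in for that input.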