esp encryption-algorithm

Function

The esp encryption-algorithm command configures the encryption algorithm for Encapsulating Security Payload (ESP).

The undo esp encryption-algorithm command configures ESP not to encrypt protocol packets.

By default, the AES-256 encryption algorithm is used for ESP.

Format

esp encryption-algorithm aes

esp encryption-algorithm { 3des | des | { aes | aes-gcm-128 } { 128 | 192 | 256 } }

undo esp encryption-algorithm

Parameters

| Parameter | Description | Value |
|---|---|---|
| 3des | Indicates that ESP uses Triple Data Encryption Standard (3DES) to encrypt protocol packets. The 3DES encryption algorithm has a low security level and may bring security risks. If supported, using a more secure encryption algorithm, such as AES, is recommended. | - |
| des | Indicates that ESP uses DES to encrypt protocol packets. The DES encryption algorithm has a low security level and may bring security risks. If supported, using a more secure encryption algorithm, such as AES, is recommended. | - |
| aes | Indicates that ESP uses the AES-CBC encryption algorithm to encrypt protocol packets. There are three values for the key length, to provide security protection of different levels. | - |
| aes-gcm-128 | Indicates that ESP uses the AES-GCM-128 encryption algorithm to encrypt protocol packets. There are three values for the key length, to provide security protection of different levels. | - |
| 128 | Specifies the key length of 128 bits. | - |
| 192 | Specifies the key length of 192 bits. | - |
| 256 | Specifies the key length of 256 bits. | - |

Views

IPsec proposal view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| ipsec | write |

Usage Guidelines

Usage Scenario

IPsec uses authentication and encryption algorithms to protect protocol packet transmission, preventing protocol packets from being intercepted or modified. Therefore, specify an encryption algorithm before using ESP to ensure security.

3DES is more secure than DES. AES is more secure than 3DES.

Prerequisites

You can configure an encryption algorithm only after ESP is used.

Precautions

The undo esp encryption-algorithm command does not restore the default encryption algorithm but configures ESP not to encrypt protocol packets.

The encryption algorithm and authentication algorithm cannot be both set to NULL for ESP.

The encryption algorithms on both IPsec peers must be identical.
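The precautions above can be checked mechanically before a change is committed. The following is an added example, not code from the original page or from Huawei: it reads IPsec proposal command lines in the form shown on this page, flags proposals where undo esp encryption-algorithm has disabled encryption or where DES/3DES is configured, and compares two peers. The function names, the sample configurations, and the pairing of proposals by name across peers are assumptions made for illustration.

```python
import re

DEFAULT = "aes 256"      # per the page: AES-256 is used when nothing is configured
WEAK = {"des", "3des"}   # per the page: low security level

def parse_proposals(config):
    """Map each IPsec proposal name to its effective ESP encryption setting."""
    proposals, current = {}, None
    for raw in config.splitlines():
        line = re.sub(r"^[\[<][^\]>]*[\]>]\s*", "", raw.strip())  # drop CLI prompt
        if m := re.fullmatch(r"ipsec proposal (\S+)", line):
            current = m.group(1)
            proposals.setdefault(current, DEFAULT)
        elif current and line == "undo esp encryption-algorithm":
            proposals[current] = "none"  # no encryption; the default is NOT restored
        elif current and (m := re.fullmatch(r"esp encryption-algorithm (.+)", line)):
            proposals[current] = " ".join(m.group(1).split())
    return proposals

def audit(config):
    """Return (proposal, setting, finding) for settings the page warns about."""
    findings = []
    for name, alg in parse_proposals(config).items():
        if alg == "none":
            findings.append((name, alg, "ESP encryption disabled"))
        elif alg.split()[0] in WEAK:
            findings.append((name, alg, "low security level, prefer AES"))
    return findings

def peer_mismatches(config_a, config_b):
    """Proposals present on both peers whose encryption settings differ."""
    a, b = parse_proposals(config_a), parse_proposals(config_b)
    return sorted(n for n in a.keys() & b.keys() if a[n] != b[n])

# Constructed sample input (not from the page); proposal names are hypothetical.
PEER_A = """ipsec proposal prop1
 transform esp
 esp encryption-algorithm aes 256
ipsec proposal legacy
 transform esp
 esp encryption-algorithm 3des
ipsec proposal cleared
 transform esp
 undo esp encryption-algorithm
ipsec proposal implicit
 transform esp
"""
PEER_B = PEER_A.replace("aes 256", "aes 128")
```

Calling audit(PEER_A) reports the legacy and cleared proposals, and peer_mismatches(PEER_A, PEER_B) reports prop1, whose key length differs between the two constructed peers.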

Example

# Set the encryption algorithm to AES-256 for ESP.
<HUAWEI> system-view
[~HUAWEI] ipsec proposal prop1
[*HUAWEI-ipsec-proposal-prop1] transform esp
[*HUAWEI-ipsec-proposal-prop1] esp encryption-algorithm aes 256
Copyright © Huawei Technologies Co., Ltd.