Configuring a Security Proposal

A security proposal can be configured to define the security protocol, authentication and encryption algorithms for protocol packets, and encapsulation mode.

Context

Before using IPsec to authenticate and encrypt protocol packets, you must create a security proposal and define the security protocol type, authentication and encryption algorithms, and encapsulation mode in the security proposal.

The security protocols, authentication and encryption algorithms for protocol packets, and encapsulation modes must be the same on IPsec peers.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipsec proposal proposal-name

    A security proposal is created and the security proposal view is displayed.

  3. Run encapsulation-mode transport

    The protocol packet encapsulation mode is configured.

  4. (Optional) Run transform { ah | ah-esp | esp }

    A security protocol is configured.

  5. Configure an authentication algorithm and an encryption algorithm based on the selected security protocol.

    • If Authentication Header (AH) is configured, run the ah authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 } command to configure an authentication algorithm.

      To help provide high security, do not use the MD5 or SHA1 algorithm as an AH authentication algorithm.

    • If ESP is configured, run the esp authentication-algorithm { md5 | sha1 | sha2-256 | sha2-384 | sha2-512 } command to configure an authentication algorithm.

      To help provide high security, do not use the MD5 or SHA1 algorithm as an ESP authentication algorithm.

    • If ESP is configured, run the esp encryption-algorithm { des | 3des | aes { 128 | 192 | 256 } } command to configure an ESP encryption algorithm.

      To help provide high security, do not use the DES or 3DES algorithm as an ESP encryption algorithm.

  6. Run commit

    The configuration is committed.
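
An offline check of the settings from this procedure, added here as an example and not Huawei's own code: it parses proposal text, flags the algorithms this page advises against, and lists settings that differ between two IPsec peers. The proposal name prop1 and both config samples are constructed, and the line layout is assumed to mirror the commands as entered.

```python
import re

WEAK = {"md5", "sha1", "des", "3des"}  # algorithms this page advises against

SETTING_RE = re.compile(r"(encapsulation-mode|transform|ah authentication-algorithm|"
                        r"esp authentication-algorithm|esp encryption-algorithm) (.+)$")

def parse_proposals(config_text):
    """Return {proposal_name: {setting: value}} for each 'ipsec proposal' block."""
    proposals, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"ipsec proposal (\S+)$", line)
        if m:
            current = proposals.setdefault(m.group(1), {})
            continue
        m = SETTING_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
        elif line:
            current = None  # any other command ends the proposal block
    return proposals

def weak_settings(proposal):
    """List (setting, value) pairs that select MD5, SHA1, DES or 3DES."""
    return [(k, v) for k, v in sorted(proposal.items()) if v.split()[0] in WEAK]

def peer_mismatches(local, remote):
    """List (setting, local_value, remote_value) where the two peers differ."""
    return [(k, local.get(k), remote.get(k))
            for k in sorted(set(local) | set(remote)) if local.get(k) != remote.get(k)]

# Constructed sample input (hypothetical proposal name prop1)
PEER_A = """ipsec proposal prop1
 encapsulation-mode transport
 transform esp
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes 256
"""
PEER_B = PEER_A.replace("sha2-256", "sha1")  # constructed peer with weaker auth

if __name__ == "__main__":
    a = parse_proposals(PEER_A)["prop1"]
    b = parse_proposals(PEER_B)["prop1"]
    for setting, value in weak_settings(b):
        print(f"peer B weak algorithm: {setting} {value}")
    for setting, va, vb in peer_mismatches(a, b):
        print(f"peer mismatch: {setting}: A={va} B={vb}")
```

Settings that are absent from the text are reported as None and are not resolved to device defaults.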

Copyright © Huawei Technologies Co., Ltd.