esp encryption-algorithm
Syntax
esp encryption-algorithm aes [ key-length ]
undo esp encryption-algorithm
View
IPsec proposal view
Default level
2: System level
Parameters
aes: Uses the Advanced Encryption Standard (AES) in CBC mode as the encryption algorithm. The AES algorithm uses a 128- bit, 192-bit, or 256-bit key for encryption.
key-length: Key length for the AES algorithm, which can be 128, 192, and 256 and defaults to 128. This argument is for AES only.
Description
Use the esp encryption-algorithm command to specify an encryption algorithm for ESP.
Use the undo esp encryption-algorithm command to configure ESP not to encrypt packets.
By default, AES-128 is used.
You must use both ESP authentication and encryption.
For ESP, you must specify an encryption algorithm, an authentication algorithm, or both. The undo esp encryption-algorithm command takes effect only if one authentication algorithm is specified for ESP.
Related commands: ipsec proposal, esp authentication-algorithm, proposal, and transform.
Examples
# Configure IPsec proposal prop1 to use ESP and specify AES as the encryption algorithm for ESP.
<Sysname> system-view [Sysname] ipsec proposal prop1 [Sysname-ipsec-proposal-prop1] transform esp [Sysname-ipsec-proposal-prop1] esp encryption-algorithm aes