esp encryption-algorithm

Syntax

esp encryption-algorithm aes [ key-length ]

undo esp encryption-algorithm

View

IPsec proposal view

Default level

2: System level

Parameters

aes: Uses the Advanced Encryption Standard (AES) in CBC mode as the encryption algorithm. The AES algorithm uses a 128- bit, 192-bit, or 256-bit key for encryption.

key-length: Key length for the AES algorithm, which can be 128, 192, and 256 and defaults to 128. This argument is for AES only.

Description

Use the esp encryption-algorithm command to specify an encryption algorithm for ESP.

Use the undo esp encryption-algorithm command to configure ESP not to encrypt packets.

By default, AES-128 is used.

You must use both ESP authentication and encryption.

For ESP, you must specify an encryption algorithm, an authentication algorithm, or both. The undo esp encryption-algorithm command takes effect only if one authentication algorithm is specified for ESP.

Related commands: ipsec proposal, esp authentication-algorithm, proposal, and transform.

Examples

# Configure IPsec proposal prop1 to use ESP and specify AES as the encryption algorithm for ESP.

<Sysname> system-view
[Sysname] ipsec proposal prop1
[Sysname-ipsec-proposal-prop1] transform esp
[Sysname-ipsec-proposal-prop1] esp encryption-algorithm aes