Configuring an ipsec policy template, Configuring an ipsec, Policy template – H3C Technologies H3C SecPath F1000-E User Manual

Page 177

Advertising
background image

165

Item

Description

ESP Encryption
Algorithm

Select an encryption algorithm for ESP when the security protocol is ESP or AH-ESP.
Options include:

DES—Uses the DES algorithm and 56-bit keys for encryption. In FIPS mode, DES is not

supported and, if selected, does not take effect.

3DES—Uses the 3DES algorithm and 168-bit keys for encryption. In FIPS mode, 3DES

is not supported and, if selected, does not take effect.

AES128—Uses the AES algorithm and 128-bit keys for encryption.

AES192—Uses the AES algorithm and 192-bit keys for encryption.

AES256—Uses the AES algorithm and 256-bit keys for encryption.

Leave it null so the ESP performs no encryption. In FIPS mode, you must select both an

authentication algorithm and an encryption algorithm for ESP.

IMPORTANT:

Higher security means increased complexity and decreased speed. DES is sufficient

for general security requirements. Use 3DES if you require very high confidentiality

and security.

The ESP authentication and encryption algorithms cannot be both null.

Configuring an IPsec policy template

1.

Select VPN > IPSec > Policy-Template from the navigation tree to enter IPsec policy template

management page.

Figure 112 IPsec policy template list

2.

Click Add to enter the IPsec policy template configuration page.

3.

Configure an IPsec policy template as described in

Table 12

.

4.

Click Apply.

Advertising