H3C Technologies H3C SecPath F1000-E User Manual

418

Item Description

Phase 2

Security
Protocol

Select the security protocols to be used.

•

ESP: Uses the ESP protocol.

•

AH: Uses the AH protocol.

•

AH-ESP: Uses ESP first and then AH.

AH

Authentication
Algorithm

Select an authentication algorithm for AH when you select AH or AH-ESP for
Security Protocol.
Available authentication algorithms include MD5 and SHA1.

ESP
Authentication
Algorithm

Select an authentication algorithm for ESP when you select ESP or AH-ESP for
Security Protocol.
You can select MD5 or SHA1. If you do not select any authentication

algorithm, ESP performs no authentication.

IMPORTANT:

The ESP authentication algorithm and ESP encryption algorithm cannot both be

null.

ESP Encryption
Algorithm

Select an encryption algorithm for ESP when you select ESP or AH-ESP for
Security Protocol.

•

3DES: Uses the 3DES algorithm and a 168-bit key for encryption.

•

DES: Uses the DES algorithm and a 56-bit key for encryption.

•

AES128: Uses the AES algorithm and a 128-bit key for encryption.

•

AES192: Uses the AES algorithm and a 192-bit key for encryption.

•

AES256: Uses the AES algorithm and a 256-bit key for encryption.

•

If you do not select any encryption algorithm, ESP performs no encryption.

IMPORTANT:

•

Higher security means more complex implementation and lower speed.

DES is enough to meet general requirements. Use 3DES when high

confidentiality and security are required.

•

The ESP authentication algorithm and ESP encryption algorithm cannot

both be null.

Encapsulation
Mode

Select the IP packet encapsulation mode.

•

Tunnel: Uses the tunnel mode.

•

Transport: Uses the transport mode.