NOTE:
To use IPsec in combination with QoS, make sure IPsec's ACL classification rules match the QoS classification rules. If the rules do not match, QoS may classify the packets of one IPsec SA to different queues, causing packets to be sent out of order. When the anti-replay function is enabled, IPsec will discard the packets beyond the anti-replay window in the inbound direction, resulting in packet loss. For more information about QoS classification rules, see ACL and QoS Configuration Guide.
Configuring an IPsec proposal
An IPsec proposal, part of an IPsec policy or an IPsec profile, defines the security parameters for IPsec SA negotiation, including the security protocol, the encryption and authentication algorithms, and the encapsulation mode.
To configure an IPsec proposal:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an IPsec proposal and enter its view.
  Command: ipsec proposal proposal-name
  Remarks: By default, no IPsec proposal exists.

Step 3. Specify the security protocol for the proposal.
  Command: transform { ah | ah-esp | esp }
  Remarks: Optional. ESP by default.

Step 4. Specify the security algorithms.
  Commands:
  • Specify the encryption algorithm for ESP:
    - In non-FIPS mode: esp encryption-algorithm { 3des | aes [ key-length ] | des }
    - In FIPS mode: esp encryption-algorithm aes [ key-length ]
  • Specify the authentication algorithm for ESP:
    - In non-FIPS mode: esp authentication-algorithm { md5 | sha1 }
    - In FIPS mode: esp authentication-algorithm sha1
  • Specify the authentication algorithm for AH:
    - In non-FIPS mode: ah authentication-algorithm { md5 | sha1 }
    - In FIPS mode: ah authentication-algorithm sha1
  Remarks: Optional. For ESP, the default encryption algorithm is DES in non-FIPS mode and AES-128 in FIPS mode. For ESP and AH, the default authentication algorithm is MD5 in non-FIPS mode and SHA1 in FIPS mode.

Step 5. Specify the IP packet encapsulation mode for the IPsec proposal.
  Command: encapsulation-mode { transport | tunnel }
  Remarks: Optional. Tunnel mode by default. Transport mode applies only when the source and destination IP addresses of data flows match those of the IPsec tunnel. IPsec for IPv6 routing protocols supports only the transport mode.
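As an added example (not code from the configuration guide), the following Python script applies the defaults listed in the steps above to audit the ipsec proposal blocks of a saved configuration: it parses each block, fills in the default protocol and algorithms for the selected FIPS mode, and reports every proposal whose effective ESP or AH algorithm is DES, 3DES or MD5, marking values that are weak only because the proposal silently inherits a default. The sample configuration and its proposal names are constructed for the example.

```python
import re

# Defaults from the guide: ESP is the default protocol; ESP uses DES/MD5 in
# non-FIPS mode and AES-128/SHA1 in FIPS mode; AH defaults to MD5 or SHA1.
ALG_DEFAULTS = {False: {"esp_enc": "des", "esp_auth": "md5", "ah_auth": "md5"},
                True: {"esp_enc": "aes-128", "esp_auth": "sha1", "ah_auth": "sha1"}}
WEAK = {"des", "3des", "md5"}  # DES and MD5 are broken, 3DES is deprecated

# Constructed sample of 'ipsec proposal' blocks as they appear in a saved config.
SAMPLE_CONFIG = """\
#
ipsec proposal legacy
#
ipsec proposal strong
 esp encryption-algorithm aes 256
 esp authentication-algorithm sha1
#
ipsec proposal ah-only
 transform ah
 ah authentication-algorithm sha1
#
"""

def parse_proposals(config):
    """Map each proposal name to the settings explicitly configured under it."""
    proposals, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":  # '#' separates configuration blocks
            current = None
        elif m := re.match(r"ipsec proposal (\S+)$", line):
            current = proposals.setdefault(m.group(1), {})
        elif current is None:
            continue
        elif m := re.match(r"transform (ah-esp|ah|esp)$", line):
            current["transform"] = m.group(1)
        elif m := re.match(r"esp encryption-algorithm (\S+)(?: (\d+))?$", line):
            current["esp_enc"] = m.group(1) + (f"-{m.group(2)}" if m.group(2) else "")
        elif m := re.match(r"(esp|ah) authentication-algorithm (\S+)$", line):
            current[f"{m.group(1)}_auth"] = m.group(2)
    return proposals

def audit(config, fips=False):
    """Return {proposal: [weak algorithms in effect]}; '(default)' marks inherited values."""
    report = {}
    for name, settings in parse_proposals(config).items():
        eff = {"transform": "esp", **ALG_DEFAULTS[fips], **settings}
        checked = {"esp": ["esp_enc", "esp_auth"], "ah": ["ah_auth"],
                   "ah-esp": ["esp_enc", "esp_auth", "ah_auth"]}[eff["transform"]]
        report[name] = [f"{k}={eff[k]}" + ("" if k in settings else " (default)")
                        for k in checked if eff[k].split("-")[0] in WEAK]
    return report
```

Running audit(SAMPLE_CONFIG) flags only the "legacy" proposal, whose empty block means DES and MD5 are in effect in non-FIPS mode, while audit(SAMPLE_CONFIG, fips=True) reports it clean because the FIPS defaults are AES-128 and SHA1.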