
crypto ipsec

crypto ipsec
   mtu <max-mtu>
   transform-set <transform-set-name>
      esp-3des {esp-md5-hmac|esp-null-hmac|esp-sha-hmac}
      esp-aes128 {esp-md5-hmac|esp-null-hmac|esp-sha-hmac}
      esp-aes128-gcm
      esp-aes192 {esp-md5-hmac|esp-null-hmac|esp-sha-hmac}
      esp-aes256 {esp-md5-hmac|esp-null-hmac|esp-sha-hmac}
      esp-aes256-gcm
      esp-des {esp-md5-hmac|esp-null-hmac|esp-sha-hmac}
      esp-null {esp-md5-hmac|esp-null-hmac|esp-sha-hmac}

Description

This command configures IPsec (Internet Protocol security) parameters. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session.

Syntax

Parameter

Description

mtu <max-mtu>

Configure the IPsec Maximum Transmission Unit (MTU) size. MTU is the largest size packet or frame, specified in octets (eight-bit bytes), that can be sent in networks such as the Internet.

The supported range is 1024 to 1500 and the default is 1500.

transform-set <transform-set-name>

Create or modify a transform set.

esp-3des

Use ESP with 168-bit 3DES (Triple Data Encryption Standard) encryption. 3DES is a symmetric-key block cipher that applies the DES cipher algorithm three times to each data block.

esp-aes128

Use ESP with 128-bit AES (Advanced Encryption Standard) encryption. AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits.

esp-aes128-gcm

Use ESP with 128-bit AES-GCM encryption.

esp-aes192

Use ESP with 192-bit AES encryption.

esp-aes256

Use ESP with 256-bit AES encryption.

esp-aes256-gcm

Use ESP with 256-bit AES-GCM encryption.

esp-des

Use ESP with 56-bit DES (Data Encryption Standard) encryption. DES is a common standard for data encryption and a form of secret key cryptography, which uses only one key for encryption and decryption.

esp-null

Use ESP with NULL encryption. Supported with only IKEv1 (Internet Key Exchange version 1). IKEv1 establishes a secure authenticated communication channel by using either the pre-shared key (shared secret), digital signatures, or public key encryption. IKEv1 operates in Main and Aggressive modes. See RFC 2409.

The following fields are common to the parameters listed in the command definition:

   esp-md5-hmac

Use ESP with the MD5 (HMAC variant) authentication algorithm. MD5 (Message Digest 5) is a widely used hash function producing a 128-bit hash value from the data input.

   esp-null-hmac

Use ESP with no authentication. This option is not recommended.

   esp-sha-hmac

Use ESP with the SHA (HMAC variant) authentication algorithm. SHA (Secure Hash Algorithm) is a family of cryptographic hash functions that includes the SHA, SHA-1, SHA-2 and SHA-3 variants.

Usage Guidelines

Define the Maximum Transmission Unit (MTU) size allowed for network transmissions using IPsec security, and create or edit transform sets that define a specific encryption and authentication type.

Example

The following command configures 3DES encryption and MD5 authentication for a transform set named set2:

(host) [mynode] (config)# crypto ipsec transform-set set2 esp-3des esp-md5-hmac
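
An added example, not part of the ArubaOS documentation: a Python check that validates `crypto ipsec` lines against the syntax on this page and reports transforms worth reviewing. The function name, the sample configuration and the "legacy" labels for DES, 3DES and MD5 are assumptions of this example; only the esp-null-hmac note restates the page.

```python
import re

# Grammar from the syntax section of this page.
GCM = {"esp-aes128-gcm", "esp-aes256-gcm"}
WITH_AUTH = {"esp-3des", "esp-aes128", "esp-aes192", "esp-aes256",
             "esp-des", "esp-null"}
AUTH = {"esp-md5-hmac", "esp-null-hmac", "esp-sha-hmac"}
# Review notes. Only the esp-null-hmac wording comes from the page; the
# "legacy" labels are this example's own policy (assumption).
NOTES = {
    "esp-null-hmac": "no authentication (page: not recommended)",
    "esp-null": "NULL encryption, payload is not encrypted",
    "esp-des": "56-bit DES key (example policy: legacy)",
    "esp-3des": "3DES (example policy: legacy)",
    "esp-md5-hmac": "HMAC-MD5 (example policy: legacy)",
}

def audit(config_text):
    """Return (line_no, severity, message) tuples for crypto ipsec lines."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        # search() tolerates a leading CLI prompt such as "(host) ... #".
        m = re.search(r"\bcrypto ipsec\s+(\S.*)$", line)
        if not m:
            continue
        args = m.group(1).split()
        if args[0] == "mtu":
            ok = len(args) == 2 and args[1].isdigit() and 1024 <= int(args[1]) <= 1500
            if not ok:
                findings.append((no, "error", "mtu must be in 1024-1500"))
        elif args[0] == "transform-set" and len(args) >= 3:
            name, enc, auth = args[1], args[2], args[3:]
            # GCM transforms take no HMAC argument; all others take exactly one.
            ok = not auth if enc in GCM else (
                enc in WITH_AUTH and len(auth) == 1 and auth[0] in AUTH)
            if not ok:
                findings.append((no, "error", f"{name}: invalid transform"))
                continue
            findings += [(no, "warn", f"{name}: {tok}: {NOTES[tok]}")
                         for tok in [enc, *auth] if tok in NOTES]
    return findings

# Constructed sample input (not taken from a real device).
SAMPLE = """\
crypto ipsec transform-set set2 esp-3des esp-md5-hmac
crypto ipsec transform-set gcm1 esp-aes256-gcm
crypto ipsec transform-set bad1 esp-aes128-gcm esp-sha-hmac
crypto ipsec transform-set open esp-aes256 esp-null-hmac
crypto ipsec mtu 9000
"""
```

Calling `audit(SAMPLE)` returns the findings as a list, so the result can be filtered by severity or joined into a report.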

Command History

Release            Modification

ArubaOS 8.1.0.0    The esp-null transform-set parameter was introduced.

ArubaOS 8.0.0.0    Command introduced.

Command Information

Platforms: All platforms

Licensing: The esp-aes128-gcm and esp-aes256-gcm transform-set parameters require the Advanced Cryptography (ACR) license. All other parameters are available in the base OS.

Command Mode: Config mode on Mobility Master.
