2132 CHAPTER 140: IPS EC CONFIGURATION COMMANDSundo esp encryption-algorithmView IPSec proposal viewParameter 3des: Uses triple DES (3DES) in cipher block chaining (CBC) mode as theencryption algorithm. The 3DES algorithm uses a 168-bit key for encryption.aes: Uses advanced encryption standard (AES) in CBC mode as the encryptionalgorithm. The AES algorithm uses a 128- bit, 192-bit, or 256-bit key forencryption.key-length: Key length for the AES algorithm, which can be 128, 192, and 256and is defaulted to 128. This argument is for AES only.des: Uses data encryption standard (DES) in CBC mode as the encryptionalgorithm, The DES algorithm uses a 56-bit key for encryption.Description Use the esp encryption-algorithm command to specify the encryptionalgorithm for ESP.Use the undo esp encryption-algorithm command to configure ESP so thatESP does not encrypt packets.By default, the DES algorithm is used.Note that:■ 3DES is well suited for environments with high demand on confidentiality andsecurity, but it is comparatively slow in encryption. DES is enough to satisfynormal security requirements.■ ESP allows the encryption and/or authentication of a packet.■ ESP supports three IP packet protection schemes: encryption only,authentication only, or both encryption and authentication. The undo espencryption-algorithm command takes effect only if no authenticationalgorithm is used.Related command: ipsec proposal, esp authentication-algorithm, proposal, and transform.Example # Configure IPSec proposal prop1 to use ESP and 3DES. system-view[Sysname] ipsec proposal prop1[Sysname-ipsec-proposal-prop1] transform esp[Sysname-ipsec-proposal-prop1] esp encryption-algorithm 3desike-peer (IPSec policy view/IPSec policy template view)Syntax ike-peer peer-nameundo ike-peer peer-name