IPSEC_1.3.6.1.4.1.2011.6.122.26.6.18 hwIPSecWeakEncr

Description

IPSEC/4/IPSECWEAKENCR: OID [OID] CBC mode encryption algorithm is used, and GCM mode encryption algorithm is recommended. (PeerAddress=[PeerAddress], InterfaceName=[InterfaceName]) "

Currently, the CBC encryption algorithm is used, and the GCM encryption algorithm is recommended.

Attribute

Alarm ID Alarm Severity Alarm Type

1.3.6.1.4.1.2011.6.122.26.6.18

Warning

Device alarm

Parameters

Name Meaning

OID

Indicates the MIB object ID of the alarm.

PeerAddress

IP address of the tunnel remote end.

InterfaceName

Interface name.

Impact on the System

ESP uses the insecure CBC encryption algorithm.

Possible Causes

The device supports the GCM encryption algorithm, but ESP uses the insecure CBC encryption algorithm.

Procedure

  1. Run the esp encryption-algorithm command in the IPSec proposal view to configure the GCM encryption algorithm for ESP.
Parent Topic: IPSec
Copyright © Huawei Technologies Co., Ltd.
< Previous topic