SROS Command Line Interface Reference Guide
crypto ipsec transform-set <setname> <parameters>
Use the crypto ipsec transform-set command to define the transform configuration for securing data
(e.g., esp-3des, esp-sha-hmac, etc.). The transform-set is then assigned to a crypto map using the map's
set transform-set command. See set transform-set <setname1 - setname6> on page 1238.
Note
For VPN configuration example scripts, refer to the technical support note VPN
Configuration Guide located on the ProCurve SROS Documentation CD provided with
your unit.
Syntax Description
<setname>
<parameters>
Default Values
There are no default settings for this command.
Functional Notes
Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto
map is associated with transform sets which contain specific security algorithms.
If no transform-set is configured for a crypto map, the entry is incomplete and will have no effect on the
system.
Usage Examples
The following example first creates a transform-set (Set1) consisting of two security algorithms (up to three
may be defined), and then assigns the transform-set to a crypto map (Map1):
ProCurve(config)#crypto ipsec transform-set Set1 esp-3des esp-sha-hmac
ProCurve(cfg-crypto-trans)#exit
ProCurve(config)#crypto map Map1 1 ipsec-ike
ProCurve(config-crypto-map)#set transform-set Set1
5991-2114
Specifies a name for the transform-set you are about to define.
Assigns a combination of up to three security algorithms. This field is a valid
combination of the following:
•
ah-md5-hmac, ah-sha-hmac
•
esp-des, esp-3des, esp-aes-128-cbc, esp-aes-192-cbc, esp-aes-256-cbc,
esp-null
•
esp-md5-hmac, esp-sha-hmac
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
350