Configuring The Ipsec Transform Policies - Cisco ISA500 Series Administration Manual

Integrated security appliance

VPN
Configuring the Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliance Administrator Guide

STEP 4 Click OK to save your settings.
STEP 5 Click Save to apply your settings.

Configuring the IPSec Transform Policies

A transform policy specifies the integrity and encryption algorithms that the peers
use to protect data communications. Both peers must use the same algorithm
to communicate.
NOTE The security appliance supports up to 16 transform policies.
STEP 1 Click VPN -> Site-to-Site -> Transform Policies.
The Transform Policies window opens. The default and custom transform policies
are listed in the table.
STEP 2 To add an IPSec transform policy, click Add.
Other options: To edit an entry, click Edit. To delete an entry, click Delete. The default
transform policy (DefaultTrans) cannot be edited or deleted.
After you click Add or Edit, the Transform Policy - Add/Edit window opens.
STEP 3 Enter the following information:
Name: Enter a unique name for the transform policy.
Integrity: Choose the hash algorithm used to ensure data integrity. It
ensures that a packet comes from where it says it comes from, and that it has
not been modified in transit. The default is ESP_SHA1_HMAC.
- ESP_SHA1_HMAC: Authentication with SHA-1 (160-bit).
- ESP_MD5_HMAC: Authentication with MD5 (128-bit). MD5 has a smaller
digest and is considered to be slightly faster than SHA-1. A successful
(but extremely difficult) attack against MD5 has occurred; however, the
HMAC variant that IKE uses prevents this attack.
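The following is an added example, not part of the Cisco manual, showing what the Integrity setting does at the packet level: a keyed HMAC is computed over the packet, a modified packet fails verification, and a peer configured with the other algorithm cannot verify the value at all. The key, packet bytes and function names are constructed for illustration; the 96-bit truncation comes from RFC 2403 and RFC 2404, not from this page.

```python
import hashlib
import hmac

# Integrity options named in the manual -> hash used inside the HMAC.
INTEGRITY = {
    "ESP_SHA1_HMAC": hashlib.sha1,  # 160-bit digest
    "ESP_MD5_HMAC": hashlib.md5,    # 128-bit digest
}
ICV_LEN = 12  # ESP carries the HMAC truncated to 96 bits (RFC 2403 / RFC 2404)


def full_digest_bits(policy: str) -> int:
    """Digest size of the underlying hash, before ESP truncation."""
    return INTEGRITY[policy]().digest_size * 8


def make_icv(policy: str, key: bytes, esp_bytes: bytes) -> bytes:
    """Sender: integrity check value over the ESP header and payload."""
    return hmac.new(key, esp_bytes, INTEGRITY[policy]).digest()[:ICV_LEN]


def verify_icv(policy: str, key: bytes, esp_bytes: bytes, icv: bytes) -> bool:
    """Receiver: recompute with the local policy, compare in constant time."""
    return hmac.compare_digest(make_icv(policy, key, esp_bytes), icv)


def demo() -> dict:
    key = bytes(range(20))  # constructed key, for illustration only
    # Constructed packet: SPI, sequence number, then (already encrypted) payload.
    packet = bytes.fromhex("0000100100000001") + b"constructed ciphertext"
    icv = make_icv("ESP_SHA1_HMAC", key, packet)
    tampered = packet[:-1] + bytes([packet[-1] ^ 0x01])  # one bit flipped
    return {
        "icv_bits": len(icv) * 8,
        "intact": verify_icv("ESP_SHA1_HMAC", key, packet, icv),
        "tampered": verify_icv("ESP_SHA1_HMAC", key, tampered, icv),
        # Same key reused for simplicity. Peers with different Integrity
        # settings normally fail at negotiation; this shows that the
        # packets could not verify either.
        "mismatched_peer": verify_icv("ESP_MD5_HMAC", key, packet, icv),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```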

This manual is also suitable for: ISA550, ISA570, ISA570W, ISA550W
