Cisco OL-4015-08 User Manual page 325

Chapter 13 IP Security
Name of this transform set
Data integrity and encryption (ESP)
OL-4015-08
Easy VPN Servers do not support ESP-SEAL encryption.
•
This can be any name that you want. The name does not have to match the name
in the transform set that the peer uses, but it may be helpful to give corresponding
transform sets the same name.
Check this box if you want to provide Encapsulating Security Payload (ESP) data
integrity and encryption.
Integrity Algorithm
Select one of the following:
ESP_MD5_HMAC. Message Digest 5.
•
ESP_SHA_HMAC. Security Hash Algorithm.
•
Encryption
SDM recognizes the following
ESP_DES. Encapsulating Security Payload (ESP), Data Encryption Standard
•
(DES). DES supports 56-bit encryption.
ESP_3DES. ESP, Triple DES. This is a stronger form of encryption than DES,
•
supporting 168-bit encryption.
ESP_AES_128. ESP, Advanced Encryption Standard (AES). Encryption with
•
a 128-bit key. AES provides greater security than DES and is computationally
more efficient than 3DES.
ESP_AES_192. ESP, AES encryption with a 192-bit key.
•
ESP_AES_256. ESP, AES encryption with a 256-bit key.
•
ESP_SEAL—ESP with the 160-bit encryption key Software Encryption
•
Algorithm (SEAL) encryption algorithm. SEAL (Software Encryption
Algorithm) is an alternative algorithm to software-based Data Encryption
Standard (DES), Triple DES (3DES), and Advanced Encryption Standard
(AES). SEAL encryption uses a 160-bit encryption key and has a lower
impact to the CPU when compared to other software-based algorithms.
Cisco Router and Security Device Manager Version 2.2 User's Guide
ESP encryption types:
Transform Set
13-41