Cisco OL-4015-08 User Manual page 326

Cisco router and security device manager user's guide

Cisco Router and Security Device Manager Version 2.2 User's Guide, Chapter 13: IP Security, page 13-42

Transform Set

ESP_NULL. Null encryption algorithm, but encryption transform used.

Note
The types of ESP encryption available depend on the router. Depending on the type of router you are configuring, one or more of these encryption types may not be available.

Data and address integrity without encryption (AH)
This check box and the fields below it appear if you click Show Advanced.
Check this box if you want the router to provide Authentication Header (AH) data and address integrity. The authentication header will not be encrypted.

Integrity Algorithm
Select one of the following:
AH_MD5_HMAC—Message Digest 5.
AH_SHA_HMAC—Security Hash Algorithm.

Mode
Select which parts of the traffic you want to encrypt:
Transport. Encrypt data only—Transport mode is used when both endpoints support IPsec; this mode places the AH or ESP after the original IP header; thus, only the IP payload is encrypted. This method allows users to apply network services such as quality-of-service (QoS) controls to encrypted packets. Transport mode should be used only when the destination of the data is always the remote VPN peer.
Tunnel. Encrypt data and IP header—Tunnel mode provides stronger protection than transport mode. Because the entire IP packet is encapsulated within AH or ESP, a new IP header is attached, and the entire datagram can be encrypted. Tunnel mode allows network devices such as a router to act as an IPsec proxy for multiple VPN users; tunnel mode should be used in those configurations.

IP Compression (COMP-LZS)
Check this box if you want to use data compression.
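The AH and Mode options described above can be seen at the byte level in the following added example, which is not part of the Cisco guide or of SDM. It wraps a constructed IPv4 packet in AH in transport and in tunnel mode, then shows that the payload stays readable while a rewritten address fails the integrity check. Assumptions: AH_SHA_HMAC is taken to be HMAC-SHA-1 truncated to 96 bits (RFC 2404), packets carry no IP options, and the function names, key, SPI and addresses are hypothetical.

```python
import hashlib, hmac, socket, struct

def ipv4(src, dst, proto, payload, ttl=64):
    """20-byte IPv4 header (no options, checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def icv(key, ip_hdr, ah_fixed, payload):
    """HMAC-SHA1-96 over IP header + AH + payload, mutable fields zeroed (RFC 4302)."""
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0                    # TOS and TTL may change in transit
    h[6:8] = h[10:12] = b"\x00\x00"    # flags/fragment offset, header checksum
    data = bytes(h) + ah_fixed + bytes(12) + payload   # ICV field counted as zeros
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def ah_protect(key, pkt, mode, gw_src=None, gw_dst=None, spi=0x1000, seq=1):
    """Wrap an IPv4 packet in AH. Tunnel mode needs the gateway addresses."""
    if mode == "tunnel":               # new outer header, whole packet is payload
        src, dst, next_hdr, inner = gw_src, gw_dst, 4, pkt
    else:                              # transport: AH goes after the original header
        src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
        next_hdr, inner = pkt[9], pkt[20:]
    ah_fixed = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq)  # length 4 = 24/4 - 2
    outer = ipv4(src, dst, 51, bytes(24) + inner)[:20]          # protocol 51 = AH
    return outer + ah_fixed + icv(key, outer, ah_fixed, inner) + inner

def ah_verify(key, pkt):
    outer, ah_fixed, tag, inner = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    return hmac.compare_digest(tag, icv(key, outer, ah_fixed, inner))

# Constructed sample: host 10.1.1.5 sends an opaque payload (protocol 17) to 10.2.2.9.
KEY = b"constructed-demo-key"
ORIGINAL = ipv4("10.1.1.5", "10.2.2.9", 17, b"hello")

if __name__ == "__main__":
    transport = ah_protect(KEY, ORIGINAL, "transport")
    tunnel = ah_protect(KEY, ORIGINAL, "tunnel", "192.0.2.1", "198.51.100.1")
    print("transport outer src: ", socket.inet_ntoa(transport[12:16]))
    print("tunnel outer src:    ", socket.inet_ntoa(tunnel[12:16]))
    print("payload readable:    ", b"hello" in transport and b"hello" in tunnel)
    hop = bytearray(transport); hop[8] = 10                     # TTL decremented
    nat = bytearray(transport); nat[12:16] = socket.inet_aton("203.0.113.7")
    print("TTL changed, valid:  ", ah_verify(KEY, bytes(hop)))
    print("src rewritten, valid:", ah_verify(KEY, bytes(nat)))
```

Because the integrity check covers the outer source and destination addresses, an AH-only transform set does not survive address translation between the peers.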
