Cisco SA-VAM - VPN Acceleration Module Installation And Configuration Manual page 45

VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide

Chapter 4
Configuring the SA-VAM2+
Defining a Transform Set
A transform set is a combination of security protocols and algorithms. During the IPSec security
association negotiation, peers agree to use a specific transform set to protect a particular data flow.
To define a transform set, use the following commands, starting in global configuration mode:
Step 1
  Command: Router(config)# crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
  Purpose: Defines a transform set and enters crypto transform configuration mode.
    transform-set-name—Specifies the name of the transform set to create (or modify).
    transform1 [transform2 [transform3] [transform4]]—Defines the IPSec security protocols and algorithms. Accepted transform values are described in Table 4-1.

Step 2
  Command: Router(cfg-crypto-tran)# mode [tunnel | transport]
  Purpose: (Optional) Changes the mode associated with the transform set. The mode setting is only applicable to traffic whose source and destination addresses are the IPSec peer addresses; it is ignored for all other traffic. (All other traffic is in tunnel mode only.)

Step 3
  Command: end
  Purpose: Exits the crypto transform configuration mode to enabled mode.

Step 4
  Command: clear crypto sa
           or
           clear crypto sa peer {ip-address | peer-name}
           or
           clear crypto sa map map-name
           or
           clear crypto sa spi destination-address protocol spi
  Purpose: Clears existing IPSec security associations so that any changes to a transform set take effect on subsequently established security associations (SAs). (Manually established SAs are reestablished immediately.)
    Using the clear crypto sa command without parameters clears out the full SA database, which clears out active security sessions. You may also specify the peer, map, or entry keywords to clear out only a subset of the SA database.

Table 4-1 shows allowed transform combinations for the AH and ESP protocols.

Table 4-1   Allowed Transform Combinations

Transform type                   Transform     Description
AH Transform (Pick up to one.)   ah-md5-hmac   AH with the MD5 (Message Digest 5) (HMAC variant) authentication algorithm
                                 ah-sha-hmac   AH with the SHA (Secure Hash Algorithm) (HMAC variant) authentication algorithm

Configuration Tasks
OL-5979-03
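The following is an added example, not part of the Cisco guide: a small Python check that reads transform-set definitions from saved configuration text and applies the "Pick up to one" AH rule from the Table 4-1 rows shown on this page. The set names and sample configuration are constructed; the tunnel default for sets with no mode line and the reporting of ah-md5-hmac are assumptions, labelled in the comments.

```python
import re

# AH transforms from the rows of Table 4-1 visible on this page ("Pick up to one").
AH_TRANSFORMS = {"ah-md5-hmac", "ah-sha-hmac"}

# Constructed sample configuration; set names are hypothetical.
SAMPLE_CONFIG = """\
crypto ipsec transform-set AUTH-ONLY ah-sha-hmac
 mode transport
crypto ipsec transform-set LEGACY ah-md5-hmac
crypto ipsec transform-set BROKEN ah-md5-hmac ah-sha-hmac
 mode tunnel
"""

SET_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
MODE_RE = re.compile(r"^\s+mode (tunnel|transport)$")

def parse_transform_sets(config):
    """Map each transform-set name to its transforms and mode."""
    sets, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = SET_RE.match(line)
        if m:
            # Assumption (not stated on this page): tunnel is the default mode.
            current = {"transforms": m.group(2).split(), "mode": "tunnel"}
            sets[m.group(1)] = current
            continue
        m = MODE_RE.match(line)
        if m and current is not None:
            current["mode"] = m.group(1)
        elif line and not line[0].isspace():
            current = None  # another top-level command closes the sub-mode
    return sets

def audit(sets):
    """Return (set name, finding) pairs."""
    findings = []
    for name, ts in sets.items():
        ah = [t for t in ts["transforms"] if t in AH_TRANSFORMS]
        if len(ah) > 1:
            findings.append((name, "more than one AH transform: " + " ".join(ah)))
        if "ah-md5-hmac" in ah:
            # Assumed local policy: report MD5-based AH for review.
            findings.append((name, "uses ah-md5-hmac"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_transform_sets(SAMPLE_CONFIG)):
        print(f"{name}: {finding}")
```

After correcting a flagged transform set on the router, Step 4 above still applies: existing SAs keep the old transforms until they are cleared.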

This manual is also suitable for:

SA-VAM2+
