Defining Transform Sets - Cisco 7401ASR Installation And Configuration Manual


Configuration Tasks

Defining Transform Sets

A transform set is a combination of security protocols and algorithms. During the IPSec security
association negotiation, peers agree to use a specific transform set to protect a particular data flow.
To define a transform set, use the following commands, starting in global configuration mode:
Step 1
Command: crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
Purpose: Defines a transform set and enters crypto transform configuration mode.
Note: Complex rules define which entries you can use for the transform arguments. These rules are explained in the command description for the crypto ipsec transform-set command, and Table 4-1 provides a list of allowed transform combinations.

Step 2
Command: mode [tunnel | transport]
Purpose: Changes the mode associated with the transform set. The mode setting is applicable only to traffic whose source and destination addresses are the IPSec peer addresses; it is ignored for all other traffic. (All other traffic is in tunnel mode only.)

Step 3
Command: end
Purpose: Exits the crypto transform configuration mode to enabled mode.

Step 4
Command: clear crypto sa
or
clear crypto sa peer {ip-address | peer-name}
or
clear crypto sa map map-name
or
clear crypto sa spi destination-address protocol spi
Purpose: Clears existing IPSec security associations so that any changes to a transform set take effect on subsequently established security associations (SAs). (Manually established SAs are reestablished immediately.)
Using the clear crypto sa command without parameters clears out the full SA database, which clears out active security sessions. You may also specify the peer, map, or entry keywords to clear out only a subset of the SA database.

Table 4-1 shows allowed transform combinations.

Table 4-1   Allowed Transform Combinations

Transform Type                 Transform      Description
AH Transform                   ah-md5-hmac    AH with MD5 (HMAC variant) authentication algorithm
ESP Encryption Transform       esp-3des       ESP with 168-bit Triple DES encryption algorithm
ESP Authentication Transform   esp-md5-hmac   ESP with MD5 (HMAC variant) authentication algorithm

Cisco 7401ASR Installation and Configuration Guide, Chapter 4: Configuring the VPN Acceleration Module, page 4-4, OL-5419-01 B0
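
A worked session for the four steps above, added here as an example and not taken from the Cisco guide: it pairs the esp-3des and esp-md5-hmac transforms listed in Table 4-1 and clears only one peer's SAs rather than the full SA database. The hostname Router, the set name EXAMPLE-SET and the peer address 192.0.2.1 are assumed placeholders.

```text
! Constructed example; Router, EXAMPLE-SET and 192.0.2.1 are placeholders.
Router# configure terminal
! Step 1: define the set with one ESP encryption and one ESP authentication
! transform from Table 4-1.
Router(config)# crypto ipsec transform-set EXAMPLE-SET esp-3des esp-md5-hmac
! Step 2: set the mode; it applies only to traffic whose source and
! destination are the IPSec peer addresses themselves.
Router(cfg-crypto-trans)# mode tunnel
! Step 3: return to enabled mode.
Router(cfg-crypto-trans)# end
! Step 4: clear only this peer's SAs so the change applies to its next
! negotiation while other active sessions stay up.
Router# clear crypto sa peer 192.0.2.1
```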
