Crypto Transform-Set Domain Ipsec - Cisco MDS 9000 series Command Reference Manual

Chapter 4 C Commands
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

crypto transform-set domain ipsec

To create and configure IPsec transform sets, use the crypto transform-set domain ipsec command. To
delete an IPsec transform set, use the no form of the command.
Syntax Description
set-name
esp-3des
esp-des
esp-aes-xcbc-mac
esp-md5-hmac
esp-sha1-hmac
esp-aes
128
256
ctr
Defaults None.
The default mode of AES is CBC (Cyber Block Chaining).
Command Modes
Configuration mode.
Command History Release
2.0(x)
Usage Guidelines To use this command, IPsec must be enabled using the crypto ipsec enable command.
You can use this command to modify existing IPsec transform sets. If you change a transform set
definition, the change is only applied to crypto map entries that reference the transform set. The change
is not applied to existing security associations, but used in subsequent negotiations to establish new
security associations. If you want the new settings to take effect sooner, you can clear all or part of the
security association database using the clear crypto sa domain ipsec command.
OL-8413-07, Cisco MDS SAN-OS Release 3.x
crypto transform-set domain ipsec set-name {esp-3des | esp-des} [esp-aes-xcbc-mac |
esp-md5-hmac | esp-sha1-hmac]
crypto transform-set domain ipsec set-name esp-aes {128 | 256} [ctr {esp-aes-xcbc-mac |
esp-md5-hmac | esp-sha1-hmac} | esp-aes-xcbc-mac | esp-md5-hmac | esp-sha1-hmac]
crypto transform-set domain ipsec set-name [{esp-3des | esp-des} [esp-aes-xcbc-mac |
esp-md5-hmac | esp-sha1-hmac]]
crypto transform-set domain ipsec set-name esp-aes [{128 | 256} [ctr {esp-aes-xcbc-mac |
esp-md5-hmac | esp-sha1-hmac} | esp-aes-xcbc-mac | esp-md5-hmac | esp-sha1-hmac]]
Specifies the transform set name. Maximum length is 63 characters.
Specifies ESP transform using the 3DES cipher (128 bits).
Specifies ESP transform using the DES cipher (56 bits).
Specifies ESP transform using AES-XCBC-MAC authentication.
Specifies ESP transform using MD5-HMAC authentication.
Specifies ESP transform using SHA1-HMAC authentication
Specifies ESP transform using the AES cipher (128 or 256 bits).
Specifies ESP transform using AES 128-bit cipher.
Specifies ESP transform using AES 256-bit cipher.
Specifies AES in counter mode.
Modification
This command was introduced.
crypto transform-set domain ipsec
Cisco MDS 9000 Family Command Reference
4-131